Debian Bug report logs - #166369
passwd: usermod -m wipes home if it cannot remove old directory

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Kalle Olavi Niemitalo <kon@iki.fi>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: passwd: usermod -m wipes home if it cannot remove old directory

Date: 25 Oct 2002 21:53:38 +0300

Package: passwd
Version: 20000902-12
Severity: critical, woody, sid

This came up in IRC.  Realquax had used this command on Debian 3.0:

  usermod -d /home1/quax -m quax

when the current home directory of quax was a mount point.
usermod then complained something like "couldn't remove dir quax"
and removed all the files in the directory.

This happens because of the following lines in usermod.c:

				if (copy_tree (user_home, user_newhome,
						uflg ? user_newid:-1,
						gflg ? user_newgid:-1) == 0 &&
					remove_tree (user_home) == 0 &&
						rmdir (user_home) == 0)
					return;

				(void) remove_tree (user_newhome);
				(void) rmdir (user_newhome);

The sequence of events:
- copy_tree succeeds; the files are in user_home and user_newhome
- remove_tree(user_home) succeeds; the files are in user_newhome
- rmdir(user_home) fails because user_home is a mount point;
  the files are still in user_newhome
- remove_tree(user_newhome) succeeds; the files are lost!

The program should be changed so that it does not
remove_tree(user_newhome) if it has already tried
remove_tree(user_home), even if that failed.

The newer shadow_1:4.0.3-1 in sid has the same lines, modulo
whitespace.

-- System Information
Debian Release: testing/unstable
Kernel Version: Linux Astalo 2.4.19-kon.astalo.1 #1 ke loka   23 07:29:48 EEST 2002 i686 AMD Duron(tm) processor AuthenticAMD GNU/Linux

Versions of the packages passwd depends on:
ii  libc6          2.3.1-1        GNU C Library: Shared libraries and Timezone
ii  libpam-modules 0.76-4         Pluggable Authentication Modules for PAM
ii  libpam0g       0.76-4         Pluggable Authentication Modules library
ii  login          4.0.3-1        System login tools

--- Begin /etc/pam.d/passwd (modified conffile)
password   required   pam_unix.so md5 nullok obscure min=4 max=8

--- End /etc/pam.d/passwd

Message #16 received at 166369@bugs.debian.org (full text, mbox, reply):

From: Timo Lindfors <lindi-spamtrap@newmail.com>

To: 166369@bugs.debian.org

Subject: patch: usermod: don't remove_tree(user_newhome) after trying remove_tree(user_home)

Date: Sat, 26 Oct 2002 00:02:24 +0300

[Message part 1 (text/plain, inline)]

Here's a patch (bug #166369) that fail_exit()'s and leaves files in
user_newhome untouched if either remove_tree(user_home) or
rmdir(user_home) has failed.

-lindi

[usermod.c.patch (text/plain, attachment)]

[Message part 3 (application/pgp-signature, inline)]

Message #21 received at 166369@bugs.debian.org (full text, mbox, reply):

From: Timo Lindfors <lindi-spamtrap@newmail.com>

To: 166369@bugs.debian.org

Subject: patch: usermod: don't remove_tree(user_newhome) after trying remove_tree(user_home) [updated]

Date: Sat, 26 Oct 2002 00:23:55 +0300

[Message part 1 (text/plain, inline)]

Whoops, I sent the wrong patch :/ Here's a new one..

-lindi

[Message part 2 (application/pgp-signature, inline)]

Message #26 received at 166369@bugs.debian.org (full text, mbox, reply):

From: Timo Lindfors <lindi-spamtrap@newmail.com>

To: 166369@bugs.debian.org

Subject: patch: usermod: don't remove_tree(user_newhome) after trying remove_tree(user_home) [updated2]

Date: Sat, 26 Oct 2002 00:30:27 +0300

[Message part 1 (text/plain, inline)]

Argh. It seems I forgot to actually include the patch...

-lindi

[usermod.c.patch (text/plain, attachment)]

[Message part 3 (application/pgp-signature, inline)]

Message #31 received at 166369@bugs.debian.org (full text, mbox, reply):

From: Kalle Olavi Niemitalo <kon@iki.fi>

To: 166369@bugs.debian.org

Subject: Re: Bug#166369: passwd: usermod -m wipes home if it cannot remove old directory

Date: 27 Oct 2002 10:07:02 +0200

If usermod cannot remove the original home directory, I think it
should display a warning like:

  usermod: warning: could not entirely remove /old/home

and then change the user databases to point to the new home
directory, because that at least contains a full set of files.
The sysadm can then remove /old/home later.  In this warning,
"entirely" indicates that usermod has probably removed some files
already, so that the contents of /old/home should not be trusted.

I don't know what the exit code of usermod should be if this
happens.  Some script might assume that usermod does not alter
the databases if it fails.  The manual page should mention this
issue.

Message #38 received at 166369-close@bugs.debian.org (full text, mbox, reply):

From: Karl Ramm <kcr@debian.org>

To: 166369-close@bugs.debian.org

Subject: Bug#166369: fixed in shadow 1:4.0.3-7

Date: Sun, 24 Nov 2002 23:32:28 -0500

We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive:

login_4.0.3-7_i386.deb
  to pool/main/s/shadow/login_4.0.3-7_i386.deb
passwd_4.0.3-7_i386.deb
  to pool/main/s/shadow/passwd_4.0.3-7_i386.deb
shadow_4.0.3-7.diff.gz
  to pool/main/s/shadow/shadow_4.0.3-7.diff.gz
shadow_4.0.3-7.dsc
  to pool/main/s/shadow/shadow_4.0.3-7.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 166369@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Karl Ramm <kcr@debian.org> (supplier of updated shadow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 24 Nov 2002 21:40:30 -0500
Source: shadow
Binary: login passwd
Architecture: source i386
Version: 1:4.0.3-7
Distribution: unstable
Urgency: low
Maintainer: Karl Ramm <kcr@debian.org>
Changed-By: Karl Ramm <kcr@debian.org>
Description: 
 login      - System login tools
 passwd     - Change and administer password and group data.
Closes: 166369 166788
Changes: 
 shadow (1:4.0.3-7) unstable; urgency=low
 .
   * When relocating a user's home directory, don't fail and remove the new
     home directory if we can't remove the old home directory for some
     reason; the results can be spectularly poort if, for instance, only
     the rmdir() fails. closes: #166369
   * run dh_installdebconf so base-config will work.  *sigh*.  closes: #166788
Files: 
 c047577342d134cf01a4077c00e0fc0e 658 base required shadow_4.0.3-7.dsc
 55c6e4161c2f18ee83d2fbe8291db88a 200947 base required shadow_4.0.3-7.diff.gz
 8e8148fad4bfda85c9f1466ea9d269a4 431082 base required passwd_4.0.3-7_i386.deb
 70db848f8420f6068accf39615c0bf62 256532 base required login_4.0.3-7_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE94ZptscqS6KfYa5URAlExAJ9kO+GT7iYXYt0UlJvwubZG6/E78QCfWdCN
go8jCq+GXOhGzIHTZanuVGE=
=NQ2W
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.