Debian Bug report logs - #472349
adduser: please delay more than 5 seconds during deluser root
Reported by: Justin Pryzby <justinpryzby@users.sourceforge.net>
Date: Sun, 23 Mar 2008 17:57:05 UTC
Severity: normal
Tags: patch
Found in version adduser/3.106
Fixed in version adduser/3.107
Done: Stephen Gran <sgran@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Adduser Developers <adduser-devel@lists.alioth.debian.org>:
Bug#472349; Package adduser.
Acknowledgement sent to Justin Pryzby <justinpryzby@users.sourceforge.net>:
New Bug report received and forwarded. Copy sent to Debian Adduser Developers <adduser-devel@lists.alioth.debian.org>.
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: adduser
Version: 3.106
Tags: patch
File: /usr/sbin/deluser
See also: #471705
This patch adds an explicit statement that there is a time limit; without
this, users are likely to reread the huge warning rather than quickly
aborting/suspending the process to investigate.
--- /usr/sbin/deluser
+++ /tmp/tmp.FqfaY26055/deluser 2008-03-23 13:50:46.000000000 -0400
@@ -225,11 +225,13 @@
}
# Warn in any case if you want to remove the root account
- if ($uid == 0) {
+ if ($pw_uid == 0) {
+ my $delay=10;
printf (gtx("WARNING: You are just about to delete the root account (uid 0)\n"));
+ printf (gtx("This action will proceed in $delay seconds; "));
+ printf (gtx("Press Ctrl+C immediately to abort\n"));
printf (gtx("Usually this is never required as it may render the whole system unusable\n"));
- printf (gtx("Press immediately Ctrl+C if you want to abort\n"));
- sleep 5;
+ sleep $delay;
printf (gtx("Ok, you really want it, I'll delete that account\n"));
}
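Review bot: in the added line printf (gtx("This action will proceed in $delay seconds; ")), Perl interpolates $delay before gtx() is called, so, assuming gtx() is the gettext lookup it appears to be, the string looked up at run time is "This action will proceed in 10 seconds; " rather than the literal a string extractor would record from the source, and the message will stay untranslated. Pass the value as a printf argument instead, printf (gtx("This action will proceed in %d seconds; "), $delay); and consider keeping the whole sentence in a single gtx() call so it is translated as one unit. Separately, the condition changes from $uid to $pw_uid without a word in the description; please say why, since it changes which value the root check tests.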
Acknowledgement sent to Paul Johnson <baloo@ursine.ca>:
Extra info received and forwarded to list. Copy sent to Debian Adduser Developers <adduser-devel@lists.alioth.debian.org>.
Message #10 received at 472349@bugs.debian.org (full text, mbox, reply):
Pardon the intrusion, I feel I need to speak up on this issue. I feel that
waiting on an interval before continuing instead of human confirmation on
removal of important role accounts is not failsafe behavior. I also suspect
this could probably be merged with #470464.
On Sunday 23 March 2008 10:53:15 am Justin Pryzby wrote:
> This patch adds an explicit statement that there is a time limit; without
> this, users are likely to reread the huge warning rather than quickly
> aborting/suspending the process to investigate.
With something as grave as removing the root account, wouldn't it make much
more sense to ask for explicit confirmation to be entered and wait
indefinitely until that happens, similar to what you must do in dpkg or apt
if you try to remove base required packages? adduser/deluser sometimes get
called by apt themselves, possibly while the operator who called it has
abandoned their console to go get coffee or take care of some other task.
This has probably come to surprise more than just me thanks to bug #469165.
--
Paul Johnson
baloo@ursine.ca
Acknowledgement sent to Stephen Gran <sgran@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Adduser Developers <adduser-devel@lists.alioth.debian.org>.
Message #15 received at 472349@bugs.debian.org (full text, mbox, reply):
This one time, at band camp, Paul Johnson said:
> On Sunday 23 March 2008 10:53:15 am Justin Pryzby wrote:
>
> > This patch adds an explicit statement that there is a time limit; without
> > this, users are likely to reread the huge warning rather than quickly
> > aborting/suspending the process to investigate.
>
> With something as grave as removing the root account, wouldn't it make much
> more sense to ask for explicit confirmation to be entered and wait
> indefinitely until that happens, similar to what you must do in dpkg or apt
> if you try to remove base required packages? adduser/deluser sometimes get
> called by apt themselves, possibly while the operator who called it has
> abandoned their console to go get coffee or take care of some other task.
This bug is mostly harmless when deluser is called without a foolish
flag like --remove-home or worse, --remove-all-files. It is possible,
of course, to say "no, you can't ever do that", but I do feel a little
uncomfortable second guessing an admin who wants to do something
drastically stupid - unix doesn't generally do that.
I agree that the harm caused by allowing people to effectively ask for
removal of the root account and all files that are uid 0 is stupid, so
what I propose is: allow removal of a uid 0 account, provided the
username is not root. Also, fail before doing anything if either of
--remove-home or --remove-all-files is given. Seem reasonable?
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran@debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
Acknowledgement sent to Justin Pryzby <justinpryzby@users.sourceforge.net>:
Extra info received and forwarded to list. Copy sent to Debian Adduser Developers <adduser-devel@lists.alioth.debian.org>.
Message #20 received at 472349@bugs.debian.org (full text, mbox, reply):
On Mon, Mar 24, 2008 at 12:13:57AM +0000, Stephen Gran wrote:
> This one time, at band camp, Paul Johnson said:
> > On Sunday 23 March 2008 10:53:15 am Justin Pryzby wrote:
> >
> > > This patch adds an explicit statement that there is a time limit; without
> > > this, users are likely to reread the huge warning rather than quickly
> > > aborting/suspending the process to investigate.
> >
> > With something as grave as removing the root account, wouldn't it make much
> > more sense to ask for explicit confirmation to be entered and wait
> > indefinitely until that happens, similar to what you must do in dpkg or apt
> > if you try to remove base required packages?
Yes, perhaps unless an environment variable is set (to allow it to
happen in batch, if that's hypothetically useful). I don't know if
it'd be sufficiently safe to initialize that variable to allow root's
removal if the stdio fd's are /dev/null or such.
> This bug is mostly harmless when deluser is called without a foolish
> flag like --remove-home or worse, --remove-all-files.
Really?
> It is possible,
> of course, to say "no, you can't ever do that", but I do feel a little
> uncomfortable second guessing an admin who wants to do something
> drastically stupid - unix doesn't generally do that.
OTOH adduser/deluser are considered to be high level tools, so
perhaps it isn't entirely unreasonable to reject it at that level?
Justin
Acknowledgement sent to Justin Pryzby <justinpryzby@users.sourceforge.net>:
Extra info received and forwarded to list. Copy sent to Debian Adduser Developers <adduser-devel@lists.alioth.debian.org>.
Message #25 received at 472349@bugs.debian.org (full text, mbox, reply):
On Sun, Mar 23, 2008 at 08:59:57PM -0400, Justin Pryzby wrote:
> On Mon, Mar 24, 2008 at 12:13:57AM +0000, Stephen Gran wrote:
> > This one time, at band camp, Paul Johnson said:
> > > On Sunday 23 March 2008 10:53:15 am Justin Pryzby wrote:
> > This bug is mostly harmless when deluser is called without a foolish
> > flag like --remove-home or worse, --remove-all-files.
> Really?
Sorry, I meant to expand on that. After removing root's passwd,
shadow and group entries, neither su nor sudo works (although single
user mode might), and I suspect pam prevents things like cron from
running normally.
Justin
Acknowledgement sent to Joerg Hoh <joerg@joerghoh.de>:
Extra info received and forwarded to list. Copy sent to Debian Adduser Developers <adduser-devel@lists.alioth.debian.org>.
Message #30 received at 472349@bugs.debian.org (full text, mbox, reply):
On Mon, Mar 24, 2008 at 12:13:57AM +0000, Stephen Gran wrote:
>
> This bug is mostly harmless when deluser is called without a foolish
> flag like --remove-home or worse, --remove-all-files. It is possible,
> of course, to say "no, you can't ever do that", but I do feel a little
> uncomfortable second guessing an admin who wants to do something
> drastically stupid - unix doesn't generally do that.
>
> I agree that the harm caused by allowing people to effectively ask for
> removal of the root account and all files that are uid 0 is stupid, so
> what I propose is: allow removal of a uid 0 account, provided the
> username is not root. Also, fail before doing anything if either of
> --remove-home or --remove-all-files is given. Seem reasonable?
I would suggest to introduce a new parameter "--force"; without this flag
deluser refuses to remove the "root" account, but with this flag, deluser
will print a warning and then remove the account.
Joerg
--
What did you do to the cat? It looks half-dead. -Schroedinger's wife
Acknowledgement sent to Stephen Gran <sgran@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Adduser Developers <adduser-devel@lists.alioth.debian.org>.
Message #35 received at 472349@bugs.debian.org (full text, mbox, reply):
This one time, at band camp, Joerg Hoh said:
> On Mon, Mar 24, 2008 at 12:13:57AM +0000, Stephen Gran wrote:
> >
> > This bug is mostly harmless when deluser is called without a foolish
> > flag like --remove-home or worse, --remove-all-files. It is possible,
> > of course, to say "no, you can't ever do that", but I do feel a little
> > uncomfortable second guessing an admin who wants to do something
> > drastically stupid - unix doesn't generally do that.
> >
> > I agree that the harm caused by allowing people to effectively ask for
> > removal of the root account and all files that are uid 0 is stupid, so
> > what I propose is: allow removal of a uid 0 account, provided the
> > username is not root. Also, fail before doing anything if either of
> > --remove-home or --remove-all-files is given. Seem reasonable?
>
> I would suggest to introduce a new parameter "--force"; without this flag
> deluser refuses to remove the "root" account, but with this flag, deluser
> will print a warning and then remove the account.
Seems reasonable as well.
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran@debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
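
The safeguards proposed in this thread (fail before doing anything when --remove-home or --remove-all-files is given, require --force for the account named root, and wait for typed confirmation instead of sleeping), combined into one decision function. This is an added sketch, not code from adduser or from any participant in the thread; the function name root_delete_decision, the option keys and the sample requests are hypothetical, and the way the proposals are combined is an assumption.

```perl
use strict;
use warnings;

# Decide whether a delete request may proceed. Decision logic only:
# nothing here touches passwd, shadow or group.
# The %$opt keys are hypothetical names, not deluser's option table.
# In real use: interactive => -t STDIN, $ask => sub { scalar <STDIN> }.
sub root_delete_decision {
    my ($name, $uid, $opt, $ask) = @_;

    return ('allow', 'not a uid 0 account') if $uid != 0;

    # Fail before doing anything when file removal was requested.
    return ('refuse', 'file removal requested for a uid 0 account')
        if $opt->{remove_home} || $opt->{remove_all_files};

    # The account named "root" needs an explicit override.
    return ('refuse', 'removing "root" requires --force')
        if $name eq 'root' && !$opt->{force};

    # No timer: with no operator present the safe answer is "no".
    return ('refuse', 'no terminal to confirm on')
        unless $opt->{interactive};

    # Wait indefinitely for the operator to retype the account name.
    my $answer = $ask->($name);
    $answer = '' unless defined $answer;    # EOF counts as "no"
    chomp $answer;
    return $answer eq $name
        ? ('allow',  'operator confirmed')
        : ('refuse', 'confirmation did not match');
}

# Constructed sample requests: [name, uid, options, typed answer].
my @cases = (
    ['alice', 1000, {},                                    undef],
    ['root',  0,    { interactive => 1 },                  "root\n"],
    ['root',  0,    { force => 1, remove_all_files => 1 }, "root\n"],
    ['root',  0,    { force => 1 },                        "root\n"],  # e.g. run from apt
    ['toor',  0,    { interactive => 1 },                  "toor\n"],
    ['root',  0,    { force => 1, interactive => 1 },      "\n"],
);
for my $c (@cases) {
    my ($name, $uid, $opt, $typed) = @$c;
    my ($verdict, $why) = root_delete_decision($name, $uid, $opt, sub { $typed });
    printf "%-6s uid=%-5d %-7s %s\n", $name, $uid, $verdict, $why;
}
```

Only the alice and toor requests are allowed; each of the four root requests is refused for a different reason, including the unattended run where the 5 or 10 second sleep would simply have expired.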
Reply sent to Stephen Gran <sgran@debian.org>:
You have taken responsibility.
Notification sent to Justin Pryzby <justinpryzby@users.sourceforge.net>:
Bug acknowledged by developer.
Message #40 received at 472349-close@bugs.debian.org (full text, mbox, reply):
Source: adduser
Source-Version: 3.107
We believe that the bug you reported is fixed in the latest version of
adduser, which is due to be installed in the Debian FTP archive:
adduser_3.107.dsc
to pool/main/a/adduser/adduser_3.107.dsc
adduser_3.107.tar.gz
to pool/main/a/adduser/adduser_3.107.tar.gz
adduser_3.107_all.deb
to pool/main/a/adduser/adduser_3.107_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 472349@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stephen Gran <sgran@debian.org> (supplier of updated adduser package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.7
Date: Thu, 27 Mar 2008 20:43:30 +0000
Source: adduser
Binary: adduser
Architecture: source all
Version: 3.107
Distribution: unstable
Urgency: low
Maintainer: Debian Adduser Developers <adduser-devel@lists.alioth.debian.org>
Changed-By: Stephen Gran <sgran@debian.org>
Description:
adduser - add and remove users and groups
Closes: 469165 470464 470847 471705 471903 472349
Changes:
adduser (3.107) unstable; urgency=low
.
[ Joerg Hoh ]
* deluser: fix really annoying message about removing root account when removing
just a simple user. (Closes: #469165, #470464, #470847, #471705, #472349)
.
[ Stephen Gran ]
* Translations:
- eu (thanks Piarres Beobide <pi@beobide.net>)(closes: #471903)
Files:
0dd290f4b8f57d3d61413596163adf01 835 admin important adduser_3.107.dsc
85f472ae5cedaea852c487ce7f6bd1e3 264145 admin important adduser_3.107.tar.gz
f5bf39bfa88f28632bb193990976314f 172946 admin important adduser_3.107_all.deb
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 06 May 2008 07:39:31 GMT) (full text, mbox, link).