[bionic] userdel doesn't check for local users
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
shadow (Ubuntu) | Fix Released | Undecided | Unassigned |
Bionic | New | Undecided | Unassigned |
Bug Description
Before trying to delete a user, userdel checks if the user exists. The problem is that this check is done using getpwnam(), which will query all nss sources from /etc/nsswitch.conf.
If a system has, for example, LDAP enabled, and userdel is called with the name of a user that only exists in LDAP, it will pass that check, and userdel will proceed and try to delete that user, which will obviously fail.
That might not sound like a big deal, but it is. As part of the checks it runs before deleting a user, it checks if there is any running process owned by that user. This means that it will do a getpwnam() call for each running process. On a busy machine, that can be thousands, and each one will trigger an LDAP lookup. Oops.
Upstream fixed this in commit https:/
Focal and later have this upstream version and are not affected.
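The distinction the report draws is between a lookup that goes through every NSS source and one that reads only the local database. The following C program is an added illustration, not code from shadow or from the Ubuntu package: it parses a passwd-format stream with fgetpwent(3), which never consults nsswitch.conf, and contrasts that with getpwnam(). The sample database and the account name "ldapuser" are constructed for the example; the helper names are this example's own.

```c
/* Added example: local-only account lookup versus an NSS-wide lookup.
 * Not shadow's code; helper names and sample data are constructed here. */
#define _GNU_SOURCE
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Search a passwd-format stream for `name`. Returns 1 if found (filling
 * *uid_out when non-NULL), 0 if not. fgetpwent() parses the stream itself,
 * so no LDAP/SSSD/NIS source listed in nsswitch.conf is ever contacted. */
static int local_user_exists_in(FILE *fp, const char *name, uid_t *uid_out)
{
    struct passwd *pw;
    rewind(fp);
    while ((pw = fgetpwent(fp)) != NULL) {
        if (strcmp(pw->pw_name, name) == 0) {
            if (uid_out)
                *uid_out = pw->pw_uid;
            return 1;
        }
    }
    return 0;
}

/* Same check against a file on disk (for example "/etc/passwd").
 * Returns -1 if the file cannot be opened. */
static int local_user_exists(const char *passwd_path, const char *name, uid_t *uid_out)
{
    FILE *fp = fopen(passwd_path, "r");
    if (!fp)
        return -1;
    int rc = local_user_exists_in(fp, name, uid_out);
    fclose(fp);
    return rc;
}

/* Constructed sample database with two local accounts. A directory-only
 * account such as "ldapuser" is deliberately absent from it. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n";

/* Run the local check against the in-memory sample; 1 = found, 0 = not. */
static int sample_check(const char *name, uid_t *uid_out)
{
    FILE *fp = fmemopen((void *)SAMPLE_PASSWD, sizeof(SAMPLE_PASSWD) - 1, "r");
    if (!fp)
        return -1;
    int rc = local_user_exists_in(fp, name, uid_out);
    fclose(fp);
    return rc;
}

/* Resolve a name to its uid from the sample only; -1 when not local. */
static long sample_uid(const char *name)
{
    uid_t uid = 0;
    return sample_check(name, &uid) == 1 ? (long)uid : -1L;
}

int main(void)
{
    const char *names[] = { "alice", "ldapuser" };
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        long uid = sample_uid(names[i]);
        /* getpwnam() walks every source in nsswitch.conf; on a directory-
         * backed host this is the call that costs a remote round trip. */
        int via_nss = getpwnam(names[i]) != NULL;
        printf("%-9s local=%s (uid %ld)  nss=%d\n", names[i],
               uid >= 0 ? "yes" : "no", uid, via_nss);
    }
    /* The on-disk variant works the same way against the real file. */
    (void)local_user_exists;
    return 0;
}
```

A tool that only manages local accounts can refuse early when the local check returns 0, before any per-process loop runs, which is exactly the situation the report describes: the expensive lookups only happen because the existence check passed on a non-local name.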
Changed in shadow (Ubuntu):
status: New → Fix Released