catastrophic bug with deluser command -- destroys large number of system files

Bug #1890520 reported by Bill Yikes
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
adduser (Ubuntu) | New | Undecided | Unassigned |

Bug Description

I installed rygel and created a specific rygel user to run it with (as directed by the docs). I then realized a specific user was not needed. To reverse my steps, I ran deluser which proceeded to delete lots of files that have nothing to do with the rygel user:

root@host:~# adduser --home /home/rygel --disabled-password --disabled-login --gecos 'Rygel media server' rygel
root@host:~# sudo su - rygel
rygel@host:$ systemctl start rygel
rygel@host:$ exit
root@host:~# deluser --remove-home --remove-all-files rygel
Looking for files to backup/remove ...
/usr/sbin/deluser: Cannot handle special file /etc/systemd/system/mdm.service
/usr/sbin/deluser: Cannot handle special file /etc/systemd/system/samba-ad-dc.service
/usr/sbin/deluser: Cannot handle special file /etc/systemd/system/cgmanager.service
/usr/sbin/deluser: Cannot handle special file /etc/systemd/system/cgproxy.service
/usr/sbin/deluser: Cannot handle special file /dev/vcsa7
/usr/sbin/deluser: Cannot handle special file /dev/vcsu7
/usr/sbin/deluser: Cannot handle special file /dev/vcs7
/usr/sbin/deluser: Cannot handle special file /dev/gpiochip0
/usr/sbin/deluser: Cannot handle special file /dev/dvdrw
/usr/sbin/deluser: Cannot handle special file /dev/dvd
/usr/sbin/deluser: Cannot handle special file /dev/cdrw
/usr/sbin/deluser: Cannot handle special file /dev/zfs
/usr/sbin/deluser: Cannot handle special file /dev/vhost-vsock
/usr/sbin/deluser: Cannot handle special file /dev/vhost-net
/usr/sbin/deluser: Cannot handle special file /dev/uhid
/usr/sbin/deluser: Cannot handle special file /dev/vhci
/usr/sbin/deluser: Cannot handle special file /dev/userio
/usr/sbin/deluser: Cannot handle special file /dev/nvram
/usr/sbin/deluser: Cannot handle special file /dev/btrfs-control
/usr/sbin/deluser: Cannot handle special file /dev/cuse
/usr/sbin/deluser: Cannot handle special file /dev/autofs
/usr/sbin/deluser: Cannot handle special file /dev/sde
/usr/sbin/deluser: Cannot handle special file /dev/sdd
/usr/sbin/deluser: Cannot handle special file /dev/sdc
/usr/sbin/deluser: Cannot handle special file /dev/sdb
/usr/sbin/deluser: Cannot handle special file /dev/sg5
/usr/sbin/deluser: Cannot handle special file /dev/sg4
/usr/sbin/deluser: Cannot handle special file /dev/sg3
/usr/sbin/deluser: Cannot handle special file /dev/sg2
/usr/sbin/deluser: Cannot handle special file /dev/vcsa6
/usr/sbin/deluser: Cannot handle special file /dev/vcsu6
/usr/sbin/deluser: Cannot handle special file /dev/vcs6
/usr/sbin/deluser: Cannot handle special file /dev/vcsa5
/usr/sbin/deluser: Cannot handle special file /dev/vcsu5
/usr/sbin/deluser: Cannot handle special file /dev/vcs5
/usr/sbin/deluser: Cannot handle special file /dev/vcsa4
/usr/sbin/deluser: Cannot handle special file /dev/vcsu4
/usr/sbin/deluser: Cannot handle special file /dev/vcs4
/usr/sbin/deluser: Cannot handle special file /dev/vcsa3
/usr/sbin/deluser: Cannot handle special file /dev/vcsu3
/usr/sbin/deluser: Cannot handle special file /dev/vcs3
/usr/sbin/deluser: Cannot handle special file /dev/vcsa2
/usr/sbin/deluser: Cannot handle special file /dev/vcsu2
/usr/sbin/deluser: Cannot handle special file /dev/vcs2
/usr/sbin/deluser: Cannot handle special file /dev/hidraw2
/usr/sbin/deluser: Cannot handle special file /dev/hidraw1
/usr/sbin/deluser: Cannot handle special file /dev/cdrom
/usr/sbin/deluser: Cannot handle special file /dev/hidraw0
/usr/sbin/deluser: Cannot handle special file /dev/fb0
/usr/sbin/deluser: Cannot handle special file /dev/i2c-5
/usr/sbin/deluser: Cannot handle special file /dev/i2c-4
/usr/sbin/deluser: Cannot handle special file /dev/i2c-3
/usr/sbin/deluser: Cannot handle special file /dev/i2c-2
/usr/sbin/deluser: Cannot handle special file /dev/i2c-1
/usr/sbin/deluser: Cannot handle special file /dev/i2c-0
/usr/sbin/deluser: Cannot handle special file /dev/rtc
/usr/sbin/deluser: Cannot handle special file /dev/stderr
/usr/sbin/deluser: Cannot handle special file /dev/stdout
/usr/sbin/deluser: Cannot handle special file /dev/stdin
/usr/sbin/deluser: Cannot handle special file /dev/sda6
/usr/sbin/deluser: Cannot handle special file /dev/sda5
/usr/sbin/deluser: Cannot handle special file /dev/sda3
/usr/sbin/deluser: Cannot handle special file /dev/sda2
/usr/sbin/deluser: Cannot handle special file /dev/sda1
/usr/sbin/deluser: Cannot handle special file /dev/sg1
/usr/sbin/deluser: Cannot handle special file /dev/sr0
/usr/sbin/deluser: Cannot handle special file /dev/sda
/usr/sbin/deluser: Cannot handle special file /dev/sg0
/usr/sbin/deluser: Cannot handle special file /dev/cpu_dma_latency
/usr/sbin/deluser: Cannot handle special file /dev/mcelog
/usr/sbin/deluser: Cannot handle special file /dev/rtc0
/usr/sbin/deluser: Cannot handle special file /dev/uinput
/usr/sbin/deluser: Cannot handle special file /dev/psaux
/usr/sbin/deluser: Cannot handle special file /dev/ppp
/usr/sbin/deluser: Cannot handle special file /dev/udmabuf
/usr/sbin/deluser: Cannot handle special file /dev/loop7
/usr/sbin/deluser: Cannot handle special file /dev/loop6
/usr/sbin/deluser: Cannot handle special file /dev/loop5
/usr/sbin/deluser: Cannot handle special file /dev/loop4
/usr/sbin/deluser: Cannot handle special file /dev/loop3
/usr/sbin/deluser: Cannot handle special file /dev/loop2
/usr/sbin/deluser: Cannot handle special file /dev/loop1
/usr/sbin/deluser: Cannot handle special file /dev/loop0
/usr/sbin/deluser: Cannot handle special file /dev/loop-control
/usr/sbin/deluser: Cannot handle special file /dev/hwrng
/usr/sbin/deluser: Cannot handle special file /dev/hpet
/usr/sbin/deluser: Cannot handle special file /dev/ttyprintk
/usr/sbin/deluser: Cannot handle special file /dev/ttyS31
/usr/sbin/deluser: Cannot handle special file /dev/ttyS30
/usr/sbin/deluser: Cannot handle special file /dev/ttyS29
/usr/sbin/deluser: Cannot handle special file /dev/ttyS28
/usr/sbin/deluser: Cannot handle special file /dev/ttyS27
/usr/sbin/deluser: Cannot handle special file /dev/ttyS26
/usr/sbin/deluser: Cannot handle special file /dev/ttyS25
/usr/sbin/deluser: Cannot handle special file /dev/ttyS24
/usr/sbin/deluser: Cannot handle special file /dev/ttyS23
/usr/sbin/deluser: Cannot handle special file /dev/ttyS22
/usr/sbin/deluser: Cannot handle special file /dev/ttyS21
/usr/sbin/deluser: Cannot handle special file /dev/ttyS20
/usr/sbin/deluser: Cannot handle special file /dev/ttyS19
/usr/sbin/deluser: Cannot handle special file /dev/ttyS18
/usr/sbin/deluser: Cannot handle special file /dev/ttyS17
/usr/sbin/deluser: Cannot handle special file /dev/ttyS16
/usr/sbin/deluser: Cannot handle special file /dev/ttyS15
/usr/sbin/deluser: Cannot handle special file /dev/ttyS14
/usr/sbin/deluser: Cannot handle special file /dev/ttyS13
/usr/sbin/deluser: Cannot handle special file /dev/ttyS12
/usr/sbin/deluser: Cannot handle special file /dev/ttyS11
/usr/sbin/deluser: Cannot handle special file /dev/ttyS10
/usr/sbin/deluser: Cannot handle special file /dev/ttyS9
/usr/sbin/deluser: Cannot handle special file /dev/ttyS8
/usr/sbin/deluser: Cannot handle special file /dev/ttyS7
/usr/sbin/deluser: Cannot handle special file /dev/ttyS6
/usr/sbin/deluser: Cannot handle special file /dev/ttyS5
/usr/sbin/deluser: Cannot handle special file /dev/ttyS4
/usr/sbin/deluser: Cannot handle special file /dev/ttyS3
/usr/sbin/deluser: Cannot handle special file /dev/ttyS2
/usr/sbin/deluser: Cannot handle special file /dev/ttyS1
/usr/sbin/deluser: Cannot handle special file /dev/ttyS0
/usr/sbin/deluser: Cannot handle special file /dev/ptmx
/usr/sbin/deluser: Cannot handle special file /dev/fuse
/usr/sbin/deluser: Cannot handle special file /dev/ecryptfs
/usr/sbin/deluser: Cannot handle special file /dev/snapshot
/usr/sbin/deluser: Cannot handle special file /dev/tty63
/usr/sbin/deluser: Cannot handle special file /dev/tty62
/usr/sbin/deluser: Cannot handle special file /dev/tty61
/usr/sbin/deluser: Cannot handle special file /dev/tty60
/usr/sbin/deluser: Cannot handle special file /dev/tty59
/usr/sbin/deluser: Cannot handle special file /dev/tty58
/usr/sbin/deluser: Cannot handle special file /dev/tty57
/usr/sbin/deluser: Cannot handle special file /dev/tty56
/usr/sbin/deluser: Cannot handle special file /dev/tty55
/usr/sbin/deluser: Cannot handle special file /dev/tty54
/usr/sbin/deluser: Cannot handle special file /dev/tty53
/usr/sbin/deluser: Cannot handle special file /dev/tty52
/usr/sbin/deluser: Cannot handle special file /dev/tty51
/usr/sbin/deluser: Cannot handle special file /dev/tty50
/usr/sbin/deluser: Cannot handle special file /dev/tty49
/usr/sbin/deluser: Cannot handle special file /dev/tty48
/usr/sbin/deluser: Cannot handle special file /dev/tty47
/usr/sbin/deluser: Cannot handle special file /dev/tty46
/usr/sbin/deluser: Cannot handle special file /dev/tty45
/usr/sbin/deluser: Cannot handle special file /dev/tty44
/usr/sbin/deluser: Cannot handle special file /dev/tty43
/usr/sbin/deluser: Cannot handle special file /dev/tty42
/usr/sbin/deluser: Cannot handle special file /dev/tty41
/usr/sbin/deluser: Cannot handle special file /dev/tty40
/usr/sbin/deluser: Cannot handle special file /dev/tty39
/usr/sbin/deluser: Cannot handle special file /dev/tty38
/usr/sbin/deluser: Cannot handle special file /dev/tty37
/usr/sbin/deluser: Cannot handle special file /dev/tty36
/usr/sbin/deluser: Cannot handle special file /dev/tty35
/usr/sbin/deluser: Cannot handle special file /dev/tty34
/usr/sbin/deluser: Cannot handle special file /dev/tty33
/usr/sbin/deluser: Cannot handle special file /dev/tty32
/usr/sbin/deluser: Cannot handle special file /dev/tty31
/usr/sbin/deluser: Cannot handle special file /dev/tty30
/usr/sbin/deluser: Cannot handle special file /dev/tty29
/usr/sbin/deluser: Cannot handle special file /dev/tty28
...
etc.

Tags: security
Bill Yikes (yik3s)
affects: nuvexport (Ubuntu) → ubuntu
affects: ubuntu → adduser (Ubuntu)
Bill Yikes (yik3s) wrote :

Notice also there is a serious transparency problem. The output only shows files for which removal failed. This acutely heightens the destruction because it potentially destroyed *thousands* of files as I sat there and let it run. The tool gives no idea of what's being destroyed. The admin has to trust that their understanding of the scope of removal is accurate. In the absence of errors, an admin would let it run through to the end, resulting in maximum damage.

This tool badly needs a --simulate option. And regardless of simulation, it should show what files are affected.
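
A read-only preview of the kind the comment above asks for, as an added example (not part of the bug report or of the adduser package): it lists every path under a root that is owned by a given UID, grouped by file type, so the scope can be reviewed before `deluser --remove-all-files` is run. The function names and the skip list are assumptions of this example, and it does not reproduce deluser's own selection logic.

```python
import os
import pwd
import stat
import sys
from collections import defaultdict

# Assumed skip list for this example: virtual or volatile trees.
SKIP = ("/proc", "/sys", "/dev", "/run")


def classify(mode):
    """Name the file type from an lstat() mode, without following symlinks."""
    if stat.S_ISLNK(mode):
        return "symlink"
    if stat.S_ISDIR(mode):
        return "directory"
    if stat.S_ISREG(mode):
        return "regular"
    return "special"  # block/char device, FIFO or socket


def preview_owned(root, uid, skip=SKIP):
    """Return {file type: [paths]} for entries under root owned by uid (read-only)."""
    found = defaultdict(list)
    root_dev = os.lstat(root).st_dev
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        subdirs = set(dirnames)
        descend = []
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if any(path == s or path.startswith(s + "/") for s in skip):
                continue
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable while walking
            if st.st_uid == uid:
                found[classify(st.st_mode)].append(path)
            # Stay on the starting filesystem, like find -xdev.
            if name in subdirs and stat.S_ISDIR(st.st_mode) and st.st_dev == root_dev:
                descend.append(name)
        dirnames[:] = descend
    return dict(found)


if __name__ == "__main__":
    report = preview_owned("/", pwd.getpwnam(sys.argv[1]).pw_uid)
    for kind, paths in sorted(report.items()):
        print(f"{kind} ({len(paths)}):", *sorted(paths), sep="\n  ")
```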
