libuuid user is created without a shell
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
util-linux (Debian) |
Fix Released
|
Unknown
|
|||
util-linux (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
I'm reporting this bug against util-linux, which seems to be the source package for the affected packages related to the libuuid user:
* libuuid1
* uuid-runtime
Both of these packages manage the "libuuid" user. However, neither one of the sets a shell for the user. From the postinst scripts for both:
$ grep useradd /var/lib/
useradd -d /var/lib/libuuid -K UID_MIN=
$ grep useradd /var/lib/
useradd -d /var/lib/libuuid -K UID_MIN=1 -K UID_MAX=499 -g libuuid libuuid
These postinst scripts should have a "-s /usr/sbin/nologin" (or /bin/false), because this is clearly a "system" user - the home directory is in /var/lib, and the UID/GID are set to a low range.
It would also be nice if the package included documentation that indicates why this user is needed, and what purpose this directory serves. I tried reading the util-linux source, but I couldn't find a definitive answer to this.
Changed in util-linux (Debian): | |
status: | Unknown → New |
Changed in util-linux (Debian): | |
status: | New → Fix Released |
I submitted this to Debian's bug tracker as well. I'll update this when I get a link.