deluser: check if specified home is a directory before removing it

On Alpine, some users use /dev/null as a home directory. When removing
such a user with `deluser --remove-home` this causes the /dev/null
device file to be removed which is undesirable. To prevent this pitfall,
check if the home directory specified for the user is an actual
directory (or a symlink to a directory).

Implementations of similar tools for other operating systems also
implement such checks. For instance, the OpenBSD rmuser(1)
implementation [0].

[0]: https://github.com/openbsd/src/blob/b69faa6c70c5bfcfdddc6138cd8e0ee18cc15b03/usr.sbin/adduser/rmuser.perl#L143-L151

function                                             old     new   delta
deluser_main                                         337     380     +43

Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

loginutils/deluser.c

@@ -99,8 +99,14 @@ int deluser_main(int argc, char **argv)
 			pfile = bb_path_passwd_file;
 			if (ENABLE_FEATURE_SHADOWPASSWDS)
 				sfile = bb_path_shadow_file;
-			if (opt_delhome)
-				remove_file(pw->pw_dir, FILEUTILS_RECUR);
+			if (opt_delhome) {
+				struct stat st;
+
+				/* Make sure home is an actual directory before
+				 * removing it (e.g. users with /dev/null as home) */
+				if (stat(pw->pw_dir, &st) == 0 && S_ISDIR(st.st_mode))
+					remove_file(pw->pw_dir, FILEUTILS_RECUR);
+			}
 		} else {
 			struct group *gr;
  do_delgroup: