deluser: check if specified home is a directory before removing it
On Alpine, some users use /dev/null as a home directory. When removing
such a user with `deluser --remove-home` this causes the /dev/null
device file to be removed which is undesirable. To prevent this pitfall,
check if the home directory specified for the user is an actual
directory (or a symlink to a directory).
Implementations of similar tools for other operating systems also
implement such checks. For instance, the OpenBSD rmuser(1)
implementation [0].
[0]: b69faa6c70/usr.sbin/adduser/rmuser.perl (L143-L151)
function old new delta
deluser_main 337 380 +43
Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
parent
d30d1ebc11
commit
0356607264
@ -99,8 +99,14 @@ int deluser_main(int argc, char **argv)
|
|||||||
pfile = bb_path_passwd_file;
|
pfile = bb_path_passwd_file;
|
||||||
if (ENABLE_FEATURE_SHADOWPASSWDS)
|
if (ENABLE_FEATURE_SHADOWPASSWDS)
|
||||||
sfile = bb_path_shadow_file;
|
sfile = bb_path_shadow_file;
|
||||||
if (opt_delhome)
|
if (opt_delhome) {
|
||||||
remove_file(pw->pw_dir, FILEUTILS_RECUR);
|
struct stat st;
|
||||||
|
|
||||||
|
/* Make sure home is an actual directory before
|
||||||
|
* removing it (e.g. users with /dev/null as home) */
|
||||||
|
if (stat(pw->pw_dir, &st) == 0 && S_ISDIR(st.st_mode))
|
||||||
|
remove_file(pw->pw_dir, FILEUTILS_RECUR);
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
struct group *gr;
|
struct group *gr;
|
||||||
do_delgroup:
|
do_delgroup:
|
||||||
|
Loading…
Reference in New Issue
Block a user