← Back to team overview

touch-packages team mailing list archive

[Bug 1454897] [NEW] libuuid user is created without a shell

 

Public bug reported:

I'm reporting this bug against util-linux, which seems to be the source
package for the affected packages related to the libuuid user:

* libuuid1
* uuid-runtime

Both of these packages manage the "libuuid" user. However, neither one
of the sets a shell for the user. From the postinst scripts for both:

$ grep useradd /var/lib/dpkg/info/libuuid1\:amd64.postinst
   useradd -d /var/lib/libuuid -K UID_MIN=$FIRST_SYSTEM_UID -K UID_MAX=$LAST_SYSTEM_UID -g libuuid libuuid

$ grep useradd /var/lib/dpkg/info/uuid-runtime.postinst
   useradd -d /var/lib/libuuid -K UID_MIN=1 -K UID_MAX=499 -g libuuid libuuid

These postinst scripts should have a "-s /usr/sbin/nologin" (or
/bin/false), because this is clearly a "system" user - the home
directory is in /var/lib, and the UID/GID are set to a low range.

It would also be nice if the package included documentation that
indicates why this user is needed, and what purpose this directory
serves. I tried reading the util-linux source, but I couldn't find a
definitive answer to this.

** Affects: util-linux (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: util-linux (Debian)
     Importance: Unknown
         Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1454897

Title:
  libuuid user is created without a shell

Status in util-linux package in Ubuntu:
  New
Status in util-linux package in Debian:
  Unknown

Bug description:
  I'm reporting this bug against util-linux, which seems to be the
  source package for the affected packages related to the libuuid user:

  * libuuid1
  * uuid-runtime

  Both of these packages manage the "libuuid" user. However, neither one
  of the sets a shell for the user. From the postinst scripts for both:

  $ grep useradd /var/lib/dpkg/info/libuuid1\:amd64.postinst
     useradd -d /var/lib/libuuid -K UID_MIN=$FIRST_SYSTEM_UID -K UID_MAX=$LAST_SYSTEM_UID -g libuuid libuuid

  $ grep useradd /var/lib/dpkg/info/uuid-runtime.postinst
     useradd -d /var/lib/libuuid -K UID_MIN=1 -K UID_MAX=499 -g libuuid libuuid

  These postinst scripts should have a "-s /usr/sbin/nologin" (or
  /bin/false), because this is clearly a "system" user - the home
  directory is in /var/lib, and the UID/GID are set to a low range.

  It would also be nice if the package included documentation that
  indicates why this user is needed, and what purpose this directory
  serves. I tried reading the util-linux source, but I couldn't find a
  definitive answer to this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1454897/+subscriptions


Follow ups

References