touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #78522
[Bug 1454897] Re: libuuid user is created without a shell
We got this version in Ubuntu 15.04. The libuuid user does not exist any
more, it got renamed to uuidd. adduser creates system users without a
shell on purpose, as an additional security measure. That's not
something which we want to change.
** Changed in: util-linux (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1454897
Title:
libuuid user is created without a shell
Status in util-linux package in Ubuntu:
Won't Fix
Status in util-linux package in Debian:
Fix Released
Bug description:
I'm reporting this bug against util-linux, which seems to be the
source package for the affected packages related to the libuuid user:
* libuuid1
* uuid-runtime
Both of these packages manage the "libuuid" user. However, neither one
of the sets a shell for the user. From the postinst scripts for both:
$ grep useradd /var/lib/dpkg/info/libuuid1\:amd64.postinst
useradd -d /var/lib/libuuid -K UID_MIN=$FIRST_SYSTEM_UID -K UID_MAX=$LAST_SYSTEM_UID -g libuuid libuuid
$ grep useradd /var/lib/dpkg/info/uuid-runtime.postinst
useradd -d /var/lib/libuuid -K UID_MIN=1 -K UID_MAX=499 -g libuuid libuuid
These postinst scripts should have a "-s /usr/sbin/nologin" (or
/bin/false), because this is clearly a "system" user - the home
directory is in /var/lib, and the UID/GID are set to a low range.
It would also be nice if the package included documentation that
indicates why this user is needed, and what purpose this directory
serves. I tried reading the util-linux source, but I couldn't find a
definitive answer to this.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1454897/+subscriptions
References