From: Leo Famulari
Subject: bug#24275: Misnamed directory in GuixSD
Date: Mon, 22 Aug 2016 14:09:03 -0400
Message-ID: <20160822180903.GB17367@jasmine>
References: <20160820201100.GA22429@jocasta.intra> <20160821231410.GA4548@jasmine> <87bn0lciy1.fsf@gmail.com>
To: Vincent Legoll
Cc: Alex Kost, 24275@debbugs.gnu.org, John Darrington

On Mon, Aug 22, 2016 at 10:47:51AM +0200, Vincent Legoll wrote:
> Hello,
>
> > IIUC it happens because the home directory is created only when a user
> > is added, and is not changed when the user is modified. See (gnu build
> > activation) module:
> >
> > - 'add-user' runs "useradd" with "-d" option to create home dir
>
> Maybe the nobody user should be special cased, not to run useradd with
> -d, the non existent directory, should really not exist for nobody. This is a
> (very small ?) security enhancement, I think...

My Debian system uses '/nonexistent' for the nobody user's passwd entry,
but the directory does not actually exist.

> If this is the way to go, I can have a shot at it...
>
> > - 'modify-user' runs "usermod" without "-d" (and without "--move-home")
> >
> > So the home of nobody was not changed for us to '/nonexistent' when the
> > nobody user was changed.
> >
> > As for me, I wouldn't like to have this directory, and I think it
> > shouldn't be created (if it is not really needed for nobody user).
>
> Ditto.

I don't fully understand the implications of the change, but it seems
like a worthwhile thing to try doing. At least you might learn something
while implementing it :) I'll let more experienced people decide if it's
the right thing to do.
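
The two conditions discussed in this thread (a passwd home field that was never updated, and a home directory that exists on disk when it should not) can be checked with a short script. This is an added example, not part of the original message or of Guix; the function name `check_account_home`, its arguments, its output words and the sample passwd entry are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: names, arguments and output words are assumptions.
# usage: check_account_home USER EXPECTED_HOME [PASSWD_FILE] [ROOT]
# Prints "ok" or one finding per line.
# Returns 0 when clean, 1 on findings, 2 when USER has no entry.
check_account_home() {
    user=$1; expected=$2; passwd=${3:-/etc/passwd}; root=${4:-}
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd")
    if [ -z "$entry" ]; then
        echo "no-entry $user"
        return 2
    fi
    # passwd(5) fields: name:password:UID:GID:GECOS:home:shell
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    rc=0
    # Finding 1: the account database names a different home than expected.
    if [ "$home" != "$expected" ]; then
        echo "home-field $home"
        rc=1
    fi
    # Finding 2: something exists on disk at the recorded home ...
    if [ -e "$root$home" ]; then
        echo "exists $home"
        rc=1
    fi
    # ... or at the expected (should-be-absent) path.
    if [ "$home" != "$expected" ] && [ -e "$root$expected" ]; then
        echo "exists $expected"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok"
    return "$rc"
}

# Constructed fixture: a throwaway root whose nobody entry still names an
# old home (placeholder path) while /nonexistent also exists on disk.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/etc" "$tmp/nonexistent"
    echo 'nobody:x:65534:65534:constructed:/constructed/old-home:/sbin/nologin' \
        > "$tmp/etc/passwd"
    check_account_home nobody /nonexistent "$tmp/etc/passwd" "$tmp"
    rm -rf "$tmp"
}
demo
```

On a live system the call would be `check_account_home nobody /nonexistent` with the default passwd file and an empty root prefix.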