Hello,

On Mon, Aug 22, 2016 at 8:09 PM, Leo Famulari wrote:
> On Mon, Aug 22, 2016 at 10:47:51AM +0200, Vincent Legoll wrote:
>>
>> > IIUC it happens because the home directory is created only when a user
>> > is added, and is not changed when the user is modified. See (gnu build
>> > activation) module:
>> >
>> > - 'add-user' runs "useradd" with "-d" option to create home dir
>>
>> Maybe the nobody user should be special cased, not to run useradd with
>> -d, the non existent directory, should really not exist for nobody. This is a
>> (very small ?) security enhancement, I think...
>
> My Debian system uses '/nonexistent' for the nobody user's passwd entry,
> but the directory does not actually exist.
>
>> If this is the way to go, I can have a shot at it...
>>
>> > - 'modify-user' runs "usermod" without "-d" (and without "--move-home")
>> >
>> > So the home of nobody was not changed for us to '/nonexistent' when the
>> > nobody user was changed.
>> >
>> > As for me, I wouldn't like to have this directory, and I think it
>> > shouldn't be created (if it is not really needed for nobody user).
>>
>> Ditto.
>
> I don't fully understand the implications of the change, but it seems
> like a worthwhile thing to try doing. At least you might learn something
> while implementing it :)
>
> I'll let more experienced people decide if it's the right thing to do.

I came with the attached patch, totally untested, probably wrong for
some cases...

The following is what I think I have implemented:

At account creation time, do not create directories for system? accounts.

At account modification, do not create directories, nor move existing ones,
but change them in /etc/passwd

WDYT ?

--
Vincent Legoll