bug#24275: Misnamed directory in GuixSD

[Vincent Legoll]

Hello,

On Mon, Aug 22, 2016 at 8:09 PM, Leo Famulari <address@hidden> wrote:
> On Mon, Aug 22, 2016 at 10:47:51AM +0200, Vincent Legoll wrote:
>>
>> > IIUC it happens because the home directory is created only when a user
>> > is added, and is not changed when the user is modified.  See (gnu build
>> > activation) module:
>> >
>> > - 'add-user' runs "useradd" with "-d" option to create home dir
>>
>> Maybe the nobody user should be special cased, not to run useradd with
>> -d, the non existent directory, should really not exist for nobody. This is a
>> (very small ?) security enhancement, I think...
>
> My Debian system uses '/nonexistent' for the nobody user's passwd entry,
> but the directory does not actually exist.
>
>> If this is the way to go, I can have a shot at it...
>>
>> > - 'modify-user' runs "usermod" without "-d" (and without "--move-home")
>> >
>> > So the home of nobody was not changed for us to '/nonexistent' when the
>> > nobody user was changed.
>> >
>> > As for me, I wouldn't like to have this directory, and I think it
>> > shouldn't be created (if it is not really needed for nobody user).
>>
>> Ditto.
>
> I don't fully understand the implications of the change, but it seems
> like a worthwhile thing to try doing. At least you might learn something
> while implementing it :)
>
> I'll let more experienced people decide if it's the right thing to do.

I came with the attached patch, totally untested, probably wrong for some
cases...

The following is what I think I have implemented:

At account creation time, do not create directories for system? accounts.

At account modification, do not create directories, nor move existing ones,
but change them in /etc/passwd

WDYT ?

-- 
Vincent Legoll

0001-Avoid-creating-system-user-s-home-directories.patch
Description: Text Data