[Bug 244967] pw userdel will delete a home directory not owned by the user (if it is empty)
bugzilla-noreply at freebsd.org
Sun Mar 22 04:03:55 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244967
Bug ID: 244967
Summary: pw userdel will delete a home directory not owned by
the user (if it is empty)
Product: Base System
Version: 12.1-RELEASE
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: bugs at FreeBSD.org
Reporter: eric at erichanneken.com
Created attachment 212604
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=212604&action=edit
Patch to pw(8)
According to the man page for pw(8), pw userdel -n name -r
will only remove files and directories that are actually owned by the
user, or symbolic links owned by anyone under the user's
home directory.
The man page for rmuser(8), which wraps pw(8), makes a similar promise. In
reality, the ownership check is performed only for files in the user's home
directory. The home directory itself, and any subdirectories, are deleted
without regard to who owns them. In most cases this is harmless because a
directory not owned by the user will usually also contain files not owned by
the user. pw won't delete the files, and its attempt to remove a non-empty
directory will fail.
But if the other-owned home directory is empty (or if its files are weirdly all
owned by the user being deleted), pw will delete it:

    # mkdir /var/shared
    # ls -ld /var/shared
    drwxr-xr-x 2 root wheel 2 Mar 21 23:40 /var/shared
    # pw useradd -n testuser1 -d /var/shared
    # pw useradd -n testuser2 -d /var/shared
    # grep 'testuser' /etc/passwd
    testuser1:*:1002:1002:User &:/var/shared:/bin/sh
    testuser2:*:1003:1003:User &:/var/shared:/bin/sh
    # pw userdel -n testuser1 -r
    # grep 'testuser' /etc/passwd
    testuser2:*:1003:1003:User &:/var/shared:/bin/sh
    # ls -ld /var/shared
    ls: /var/shared: No such file or directory

I have attached a patch which adds the ownership check to directories. It was
made against revision 359195.
--
You are receiving this mail because:
You are the assignee for the bug.