Hi All,

On Fri, 11 Feb 2022 07:21:38 +0100 Johannes Schauer Marin Rodrigues
<jo...@debian.org> wrote:
> Hi Jason,
>
> Quoting Jason Franklin (2022-02-11 03:14:23)
> > I have been helping Marc Haber with some of the issues in adduser, so I
> > suppose it is appropriate for me to chime in here.
> >
> > Thanks so much for the report and for the investigative work so far!
> >
> > Here are my thoughts...
> >
> > The "good" chroot has version 1:4.8.1-2 of passwd, and the "bad" chroot
> > has version 1:4.11.1+dfsg1-1 of passwd. The changes between these two
> > versions were substantial.
> >
> > > Quoting Bálint Réczey (2022-02-10 22:46:50)
> > > > Apparently useradd correctly guessed system user ranges in the past,
> > > > but this is not something to rely on.
> >
> > I do not think "useradd" ever attempted to guess whether a UID being
> > added was in the system user range. Instead, it looks like hardcoded
> > settings in the source code changed between the two versions above. To
> > see this, you may reference the upstream shadow repository...
> >
> > Commit: 
> > https://github.com/shadow-maint/shadow/commit/bbf4b79bc49fd1826eb41f6629669ef0b647267b
> >
> > The key part of that change was this:
> >
> > - static const char *def_create_mail_spool = "no";
> > + static const char *def_create_mail_spool = "yes";
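Review bot: the `+` line flips the built-in value of def_create_mail_spool from "no" to "yes" with nothing beside it telling callers that the default changed, so any caller that relied on the old built-in value and sets nothing itself now gets a mail spool created. Suggest keeping "no" as the built-in value and turning creation on through configuration, or documenting the new default where callers will see it and stating which accounts it is meant to apply to.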
> >
> > The "adduser" command never set the "-r" option previously, but the
> > default in the upstream source was to not create the mail spool
> > directories.  Thus, this problem never surfaced.
> >
> > > the recent upload of shadow 1:4.11.1+dfsg1-1 made above patch necessary as
> > > otherwise useradd will create empty directories in /var/mail and
> > > /var/spool/mail for the system users _apt, systemd-network and 
> > > systemd-resolve.
> > > This in turn breaks the testsuite of my package mmdebstrap.
> >
> > I think setting the "-r" option is the right approach, but we need to
> > make sure that the new option doesn't do anything else that we do not
> > expect for it to do. I can see that it does more than just omit creating
> > the mail spool by default.
> >
> > The "passwd" package could be patched temporarily to undo the change
> > from "no" to "yes" above. That would put us back at the old behavior for
> > the time being. This patch could be removed in the not-too-far future, as
> > I am committed to helping with supporting adduser and with fixing bugs
> > new and old, including this one. :)
> >
> > Looking forward to hearing what Marc and others think on this one.
>
> thank you for chiming in and putting more details on the table!
>
> The change you found indeed seems like the creation of the spool directories is
> intentional.

Yes, thank you Jason for digging deeper. The change is intentional
upstream, but I'd like to revert the behaviour in Debian to not change
defaults:
https://salsa.debian.org/rbalint/shadow/-/commit/b96c915fb68d3591c56f54b687e87af25579fe73

I'm happy that we agree on passing "-r" from adduser. I plan on doing a
new shadow upload next week with the revert and possibly with other
fixes, leaving this bug open because it is still a valid issue even
with the original defaults.

Cheers,
Balint

> I can also see how setting the -r option might have unintended side-effects.
>
> But the information you found already helps me to work around this problem 
> from
