Package: adduser
Version: 3.143
Severity: critical
Justification: breaks unrelated software

## Add a new system user
# adduser --system --group --home /var/lib/testuser testuser

# echo $?
0

# id testuser
uid=127(testuser) gid=138(testuser) groups=138(testuser)

## Re-Add the new system user
# adduser --system --group --home /var/lib/testuser testuser
warn: The home dir /var/lib/testuser you specified already exists.

fatal: The system user `testuser' already exists. Exiting.

## Which seems to work fine
# echo $?
0

## Change it from locked to no password
# sed -i 's/^testuser:\!:/testuser:\*:/g' /etc/shadow

## Re-Add the new system user
# adduser --system --group --home /var/lib/testuser testuser
warn: The home dir /var/lib/testuser you specified already exists.

fatal: The system user `testuser' already exists. Exiting.

## Fails unexpectedly
# echo $?
13


It looks like the check added in ee5cee1f32cc to addsysuser seems to be 
problematic:

https://salsa.debian.org/debian/adduser/-/commit/ee5cee1f32ccaaf97c921c772fcc61dff0e4f053#fcb13654c5c3048ef5c4919c3aaf065a8c22cec6_562_568

> my $ret = existing_user_status($new_name, $new_uid);
> if ($ret == (EXISTING_FOUND|EXISTING_SYSTEM)) {
>     # a user with this name already exists; it's a problem when it's not a system user
>     log_fatal( mtx("The user `%s' already exists, but is not a system user. Exiting."), $new_name );
>     exit( RET_WRONG_OBJECT_PROPERTIES );
> }

This should be true if EXISTING_FOUND bit is set BUT EXISTING_SYSTEM is NOT set.

With the password set to locked, it works, because existing_user_status also 
sets the EXISTING_LOCKED bit in $ret, which means this condition is no longer 
true.

hth,  br m


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (504, 'unstable'), (503, 'testing'), (502, 'experimental'), (500, 'unstable-debug'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.17-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages adduser depends on:
ii  passwd  1:4.17.3-1

adduser recommends no packages.

Versions of packages adduser suggests:
ii  cron                    3.0pl1-194
ii  liblocale-gettext-perl  1.07-7+b1
ii  perl                    5.40.1-2
pn  quota                   <none>

-- debconf information:
  adduser/title:
  adduser/homedir-permission: true
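
The bit test discussed in the report above, as an added example (not part of the original mail and not adduser's own code): it compares the quoted equality check with the "FOUND set, SYSTEM not set" condition the report asks for, over constructed status values. The numeric bit values and the helper names quoted_check and intended_check are assumptions; only the EXISTING_* names come from the report.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Bit values are assumptions for this example; only the names are from the report.
use constant {
    EXISTING_FOUND  => 1,
    EXISTING_SYSTEM => 2,
    EXISTING_LOCKED => 4,
};

# Check as quoted in the report: exact equality against FOUND|SYSTEM.
# Any extra bit (such as LOCKED) makes the comparison false.
sub quoted_check {
    my ($ret) = @_;
    return $ret == (EXISTING_FOUND | EXISTING_SYSTEM) ? 1 : 0;
}

# Check as the report says it should be: FOUND set and SYSTEM not set,
# regardless of any other bits in the status word.
sub intended_check {
    my ($ret) = @_;
    return (($ret & EXISTING_FOUND) && !($ret & EXISTING_SYSTEM)) ? 1 : 0;
}

# Constructed status values covering the cases described in the report.
my @cases = (
    [ 'system user, shadow "*"',   EXISTING_FOUND | EXISTING_SYSTEM ],
    [ 'system user, shadow "!"',   EXISTING_FOUND | EXISTING_SYSTEM | EXISTING_LOCKED ],
    [ 'non-system user',           EXISTING_FOUND ],
    [ 'non-system user, locked',   EXISTING_FOUND | EXISTING_LOCKED ],
    [ 'no such user',              0 ],
);

# "fatal" marks the cases where the branch with exit(RET_WRONG_OBJECT_PROPERTIES) is taken.
printf "%-26s %-8s %-8s\n", 'case', 'quoted', 'intended';
for my $c (@cases) {
    my ($label, $ret) = @$c;
    printf "%-26s %-8s %-8s\n", $label,
        quoted_check($ret)   ? 'fatal' : 'ok',
        intended_check($ret) ? 'fatal' : 'ok';
}
```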
