Re: how to forbid debhelper to modify /home ?
On Fri, Sep 03, 2021 at 08:33:25AM -0400, Greg Wooledge wrote:
> On Fri, Sep 03, 2021 at 08:23:07AM -0400, Roberto C. Sánchez wrote:
> > On Fri, Sep 03, 2021 at 08:03:23AM -0400, Greg Wooledge wrote:
> > > Out of curiosity, I checked my system to see if there were any system
> > > users with home directories under /home. The only one I found is "ntp".
>
> > How old is your system? I just checked a machine that I initially installed as a
> > Woody (3.0) system in 2001 and there is no ntp user directory under
> > /home.
>
> Well, you probably didn't install the ntp package. ;-)
>
> I *think* this system was installed as stretch, so I downloaded a stretch
> package of ntp:
>
> unicorn:~/tmp/x$ dpkg-deb -R ../ntp_4.2.8p10+dfsg-3+deb9u2_amd64.deb .
> unicorn:~/tmp/x$ grep adduser DEBIAN/postinst
> adduser --system --quiet --ingroup ntp --no-create-home ntp
>
> I'm not 100% sure, but I think that creates a user with a home directory
> under /home, even though it doesn't actually create that directory.
>
> > I also just fired up a fresh wheezy chroot and the ntp postinst
> > has this:
> >
> > adduser --system --quiet --ingroup ntp --no-create-home ntp
> >
> > Did you perhaps modify your ntp config at a time when you might have
> > been limited on space under /var?
>
> ... uh, I don't think so?
>
> Let's test this sucker and find out:
>
> unicorn:~/tmp/x$ sudo adduser --system --quiet --ingroup ntp --no-create-home zzntp
> unicorn:~/tmp/x$ grep zzntp /etc/passwd
> zzntp:x:115:112::/home/zzntp:/usr/sbin/nologin
>
> As I guessed. That's what it did.

Quite right. That explains the motivation a few years ago to begin
explicitly specifying the home directory as /nonexistent for system
users not meant to have an actual home directory.

So, the existence of /home/ntp on the OP's system, or any system
installed from a Debian release prior to the last 4-ish years, could be
attributed to some process or series of actions that decides, "hey, this
ntp user's home directory is missing, I should create it". Whether
those actions be manual or the result of some script or service, that
seems the most likely way for that directory to appear on a system.

Regards,
-Roberto
--
Roberto C. Sánchez
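
The manual check from the thread (system users whose passwd home field points under /home, and whether that directory exists), as an added example that is not part of any message above. It assumes Debian's default system UID range of 100-999; `audit_system_homes`, `sample_passwd` and the `ROOT_PREFIX` argument are names made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Reads passwd(5) lines on stdin and
# lists system accounts whose home field points under /home.
# Assumption: system UIDs are 100-999 (Debian adduser.conf defaults);
# override with SYS_UID_MIN / SYS_UID_MAX.

# audit_system_homes [ROOT_PREFIX]
# Output per hit: "name uid home state", state = exists | missing.
# ROOT_PREFIX (hypothetical parameter) lets you check a chroot or image.
audit_system_homes() {
    root=${1:-}
    min=${SYS_UID_MIN:-100}
    max=${SYS_UID_MAX:-999}
    while IFS=: read -r name pw uid gid gecos home shell; do
        case $uid in ''|*[!0-9]*) continue ;; esac   # comment or malformed line
        [ "$uid" -ge "$min" ] && [ "$uid" -le "$max" ] || continue
        case $home in
            /home|/home/*) ;;      # the case discussed in the thread
            *) continue ;;         # /nonexistent, /var/lib/..., etc.
        esac
        if [ -d "$root$home" ]; then state=exists; else state=missing; fi
        printf '%s %s %s %s\n' "$name" "$uid" "$home" "$state"
    done
}

# Constructed sample input; the zzntp line is the one quoted in the thread.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
zzntp:x:115:112::/home/zzntp:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

sample_passwd | audit_system_homes
```

On a live system, feed it `getent passwd` instead of the sample; a hit with state `exists` is the /home/ntp situation the thread describes.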