Reuse of a user id causes a transfer of ownership of a file from deleted user to newly created user
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
adduser (Debian) | Confirmed | Unknown | | |
adduser (Ubuntu) | Won't Fix | Undecided | Unassigned | |
Bug Description
Binary package hint: bash
The scenario goes like this; this is a description of exactly what I did. User test existed on the system. I delete user test and create user test again. Then I go to a folder with rwxrwxrwx permissions, that is /home/rakesh/test, and switch user to test from root. Next I create a file hello.sh and give it permissions rwsrwsrwx. After that I exit user test and get back to root and delete user test, which results in the owner and group of the file changing to 1001, which was the uid & gid assigned to test. This is all fine.
Now, I create user test2 and uid 1001 gets reused. Doing ls -l now shows me that hello.sh now has owner test2. What's even more interesting is that the setuid still remains. How is this valid behaviour?
Version Info:
root@rakesh-
Linux rakesh-vm 2.6.24-21-generic #1 SMP Tue Oct 21 23:43:45 UTC 2008 i686 GNU/Linux
root@rakesh-
Ubuntu 8.04.1 \n \l
Below is the actual console output:
-- Start copy paste from console --
root@rakesh-
root@rakesh-vm:~# deluser test
Removing user `test' ...
Warning: Removing group `test', since no other user is part of it.
Done.
root@rakesh-vm:~# clear
root@rakesh-vm:~# clear
root@rakesh-vm:~# adduser test
Adding user `test' ...
Adding new group `test' (1001) ...
Adding new user `test' (1001) with group `test' ...
The home directory `/home/test' already exists. Not copying from `/etc/skel'.
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for test
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/N] y
root@rakesh-vm:~# cd /home/rakesh/test
root@rakesh-
root@rakesh-
test@rakesh-
test@rakesh-
echo $HOME
test@rakesh-
-rw-r--r-- 1 test test 11 2008-11-10 17:21 hello.sh
test@rakesh-
test@rakesh-
test@rakesh-
total 4
-rwsrwsrwx 1 test test 11 2008-11-10 17:21 hello.sh
test@rakesh-
exit
root@rakesh-
/root
root@rakesh-
total 4
-rwsrwsrwx 1 test test 11 2008-11-10 17:21 hello.sh
root@rakesh-
Removing user `test' ...
Warning: Removing group `test', since no other user is part of it.
Done.
root@rakesh-
total 4
-rwsrwsrwx 1 1001 1001 11 2008-11-10 17:21 hello.sh
root@rakesh-
Adding user `test2' ...
Adding new group `test2' (1001) ...
Adding new user `test2' (1001) with group `test2' ...
Creating home directory `/home/test2' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for test2
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/N] y
root@rakesh-
total 4
-rwsrwsrwx 1 test2 test2 11 2008-11-10 17:21 hello.sh
root@rakesh-
Linux rakesh-vm 2.6.24-21-generic #1 SMP Tue Oct 21 23:43:45 UTC 2008 i686 GNU/Linux
root@rakesh-
Ubuntu 8.04.1 \n \l
root@rakesh-
-- End copy paste from console --
description: updated
Changed in adduser (Debian):
status: Unknown → Confirmed
This is the way Unix file permissions work.
Either you need to make sure the user you delete doesn't own any files before you create a new user, or you should simply disable user accounts instead of deleting them.
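
The check recommended in the comment above (making sure a deleted user owns no files before the UID is handed out again), as an added example that is not part of the bug report or the adduser package: it walks a tree and lists files whose numeric owner or group no longer resolves to an account, setuid/setgid files first. The name `find_orphans` and its injectable `uid_known`/`gid_known` predicates are assumptions of this example.

```python
#!/usr/bin/env python3
"""Audit a tree for files whose owner UID/GID no longer maps to an account."""
import grp
import os
import pwd
import stat
import sys


def _known(lookup, ident):
    """True if the numeric id resolves through NSS (passwd or group)."""
    try:
        lookup(ident)
        return True
    except KeyError:
        return False


def find_orphans(root, uid_known=None, gid_known=None):
    """Return [(path, uid, gid, mode_string, privileged)] for orphaned files.

    uid_known/gid_known are injectable predicates (an assumption of this
    example, used for testing); by default they query pwd and grp.
    """
    uid_known = uid_known or (lambda u: _known(pwd.getpwuid, u))
    gid_known = gid_known or (lambda g: _known(grp.getgrgid, g))
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # vanished or unreadable; skip
            if uid_known(st.st_uid) and gid_known(st.st_gid):
                continue
            # setuid/setgid bits are what turn UID reuse into a privilege transfer
            privileged = bool(st.st_mode & (stat.S_ISUID | stat.S_ISGID))
            findings.append((path, st.st_uid, st.st_gid,
                             stat.filemode(st.st_mode), privileged))
    # Privileged files first, then by path
    return sorted(findings, key=lambda f: (not f[4], f[0]))


if __name__ == "__main__":
    hits = find_orphans(sys.argv[1] if len(sys.argv) > 1 else "/home")
    for path, uid, gid, mode, privileged in hits:
        print(f"{'SETID ' if privileged else '      '}{mode} {uid}:{gid} {path}")
    sys.exit(1 if hits else 0)
```

Run it as root after removing an account and before creating the next one; a non-zero exit status means some file would be inherited by whoever receives the freed UID or GID.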