[arch-general] [tor] User and group entries are left over in passwd and gshadow after removal, makes pwck and shadow.service fail
Doug Newgard
scimmia at archlinux.info
Mon Jan 25 16:45:17 UTC 2016
On Mon, 25 Jan 2016 17:29:51 +0100
Bastien Traverse <neitsab at esrevart.net> wrote:
> Hi,
>
> I opened FS#47893 [1] to discuss this issue, but it's been closed with
> no delay and I can't really have a discussion via re-opening requests.
>
> Upon installation of the tor package, directory /var/lib/tor is created
> (see PKGBUILD#40 [2]). Upon uninstallation, it is automatically deleted
> **only if empty**:
>
> # pacman -S tor
> # touch /var/lib/tor/test
> # pacman -Rns tor
> # ls -lah /var/lib/tor
> total 8,0K
> drwx------ 2 tor tor 4,0K 25 janv. 16:50 .
> drwxr-xr-x 39 root root 4,0K 25 janv. 16:50 ..
> -rw-r--r-- 1 root root 0 25 janv. 16:50 test
>
> # rm -rf /var/lib/tor
>
> # pacman -S tor
> ...
> (1/1) installing tor
> error: command failed to execute correctly
> ...
> # pacman -Rns tor
> # ls -lah /var/lib/tor
> ls: cannot access /var/lib/tor: No such file or directory
>
> However, tor user and group (UID/GID 43) created via post_install() hook
> [3] are not removed:
>
> # pacman -Rns tor
> $ id tor
> uid=43(tor) gid=43(tor) groupes=43(tor)
>
> This makes shadow.service fail at bootup:
>
> pwck[718]: tor user: directory « /var/lib/tor » does not exist
> pwck[718]: pwck : no change
> systemd[1]: shadow.service: Main process exited, code=exited,
> status=2/INVALIDARGUMENT
> systemd[1]: Failed to start Verify integrity of password and group files.
> systemd[1]: shadow.service: Unit entered failed state.
> systemd[1]: shadow.service: Failed with result 'exit-code'.
>
> Same for pwck.
>
> What I asked in FS#47893 was to add a post_uninstall() hook to remove
> tor user (e.g. with `userdel tor`), so that **if /var/lib/tor has been
> deleted automatically** because it was empty, pwck doesn't trip on home
> dir verification.
>
> Note that if /var/lib/tor isn't empty, `userdel tor` would merely remove
> the user entry and not delete its home directory (-r switch). Therefore,
> no data loss. Moreover, I believe it is possible to condition user
> deletion on directory existence (e.g. `if [ ! -e /var/lib/tor ]; then
> userdel tor; else :; fi`), so that could do it too.
>
> Reason for closing was "Not a bug / So fix it. This isn't something that
> can be dealt with automatically". I fail to see how it is so, but if I'm
> wrong please tell me so and why.
>
> Thanks,
> Bastien
>
> [1] https://bugs.archlinux.org/task/47893
> [2]
> https://projects.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/tor#n40
> [3]
> https://projects.archlinux.org/svntogit/community.git/tree/trunk/tor.install?h=packages/tor
Dev discussion here:
https://lists.archlinux.org/pipermail/arch-dev-public/2015-February/026953.html
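
As an added example (not part of the original thread or of the tor package), this shell function lists passwd entries whose home directory no longer exists, which is the condition pwck reports for the leftover tor user in the quoted report. The function name `missing_homes`, its arguments and the sample passwd lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report passwd entries whose home directory is missing.
# missing_homes PASSWD_FILE [ROOT]
#   PASSWD_FILE  file in passwd(5) format (default: /etc/passwd)
#   ROOT         prefix prepended to each home path, so a constructed tree
#                can be checked instead of the live system (default: empty)
# Prints "name:uid:home" for each affected entry; returns 1 if any exist.
missing_homes() {
    passwd_file=${1:-/etc/passwd}
    root=${2:-}
    found=0
    # passwd(5) fields: name:password:UID:GID:GECOS:directory:shell
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while IFS=: read -r name _pw uid _gid _gecos home _shell || [ -n "$name" ]; do
        # Skip blank lines, comments and entries with an empty home field.
        case $name in ''|'#'*) continue ;; esac
        [ -n "$home" ] || continue
        if [ ! -d "$root$home" ]; then
            printf '%s:%s:%s\n' "$name" "$uid" "$home"
            found=1
        fi
    done < "$passwd_file"
    return "$found"
}

# Constructed sample: the tor entry (UID/GID 43, as in the report) is still
# present, but /var/lib/tor was removed together with the package.
demo=$(mktemp -d)
mkdir -p "$demo/root/root"
printf '%s\n' \
    'root:x:0:0::/root:/bin/bash' \
    'tor:x:43:43::/var/lib/tor:/usr/bin/nologin' > "$demo/passwd"
missing_homes "$demo/passwd" "$demo/root" || echo "stale entries found" >&2
rm -rf "$demo"
```

Called with no arguments, the function reads the live /etc/passwd and changes nothing; deciding whether a reported account should be removed is left to the administrator.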