Ubuntu
adduser package

Merge ~skia/ubuntu/+source/adduser:skia/merge_3.137ubuntu2_3.152 into ubuntu/+source/adduser:debian/sid

  1. Git
  2. lp:~skia/ubuntu/+source/adduser
  3. skia/merge_3.137ubuntu2_3.152
  4. Merge into debian/sid
Proposed by Skia
Status: Merged
Merge reported by: Skia
Merged at revision: 332f26c9328168b9921548934688b7e6f374a7a7
Proposed branch: ~skia/ubuntu/+source/adduser:skia/merge_3.137ubuntu2_3.152
Merge into: ubuntu/+source/adduser:debian/sid
Diff against target: 1023 lines (+573/-53)
11 files modified
AdduserCommon.pm (+3/-2)
adduser (+124/-36)
adduser.conf (+6/-4)
debian/changelog (+364/-0)
debian/control (+3/-2)
debian/preinst (+8/-6)
debian/tests/control (+4/-0)
debian/tests/ecryptfs/encrypt_home.t (+31/-0)
debian/tests/f/homedir_modes.t (+2/-2)
deluser (+18/-0)
doc/adduser.8 (+10/-1)
Reviewer Review Type Date Requested Status
Sebastien Bacher (community) Approve
Canonical Server Reporter Pending
git-ubuntu import Pending
Review via email: mp+486037@code.launchpad.net

Description of the change

Build is in this PPA: https://launchpad.net/~hyask/+archive/ubuntu/shadow-merge-2098865/+packages

autopkgtest:
  - adduser/3.152ubuntu1~skiappa2, shadow/1:4.17.4-2ubuntu1~skiappa1
    + ✅ adduser on questing for amd64 @ 26.05.25 13:27:28
      • Log: https://autopkgtest.ubuntu.com/results/autopkgtest-questing-hyask-shadow-merge-2098865/questing/amd64/a/adduser/20250526_132728_3f9cc@/log.gz
    + ✅ adduser on questing for arm64 @ 26.05.25 14:54:41
      • Log: https://autopkgtest.ubuntu.com/results/autopkgtest-questing-hyask-shadow-merge-2098865/questing/arm64/a/adduser/20250526_145441_456c4@/log.gz
    + ✅ adduser on questing for armhf @ 26.05.25 14:51:15
      • Log: https://autopkgtest.ubuntu.com/results/autopkgtest-questing-hyask-shadow-merge-2098865/questing/armhf/a/adduser/20250526_145115_9f5e4@/log.gz
    + ✅ adduser on questing for i386 @ 26.05.25 14:49:38
      • Log: https://autopkgtest.ubuntu.com/results/autopkgtest-questing-hyask-shadow-merge-2098865/questing/i386/a/adduser/20250526_144938_0daf5@/log.gz
    + ✅ adduser on questing for ppc64el @ 26.05.25 16:29:33
      • Log: https://autopkgtest.ubuntu.com/results/autopkgtest-questing-hyask-shadow-merge-2098865/questing/ppc64el/a/adduser/20250526_162933_d952c@/log.gz
    + s390x is facing infrastructure issues right now

To post a comment you must log in.
Revision history for this message
Skia (skia) :
Revision history for this message
Sebastien Bacher (seb128) wrote :

Thanks, it's looking good, I only have a few minor nitpicks where we should follow Debian and update the syntax to stop using "&".

review: Needs Fixing
Revision history for this message
Skia (skia) wrote :

Fair enough. I must admit my perl isn't fluent at all, and as soon as I had a code that worked, I didn't push through to actually question it further, so thanks a lot for spotting that and making me look up some details on that ampersand syntax. :-)
I've updated this branch, and uploaded version 3.152ubuntu1~skiappa4 to my PPA for testing.

Revision history for this message
Skia (skia) wrote :

Looking good so far

  - adduser/3.152ubuntu1~skiappa4
    + ✅ adduser on questing for amd64 @ 06.06.25 14:33:43
      • Log: https://autopkgtest.ubuntu.com/results/autopkgtest-questing-hyask-shadow-merge-2098865/questing/amd64/a/adduser/20250606_143343_c3ec0@/log.gz
    + ✅ adduser on questing for arm64 @ 06.06.25 14:36:53
      • Log: https://autopkgtest.ubuntu.com/results/autopkgtest-questing-hyask-shadow-merge-2098865/questing/arm64/a/adduser/20250606_143653_df66b@/log.gz
    + ✅ adduser on questing for armhf @ 06.06.25 14:36:49
      • Log: https://autopkgtest.ubuntu.com/results/autopkgtest-questing-hyask-shadow-merge-2098865/questing/armhf/a/adduser/20250606_143649_881b1@/log.gz
    + ✅ adduser on questing for i386 @ 06.06.25 14:34:26
      • Log: https://autopkgtest.ubuntu.com/results/autopkgtest-questing-hyask-shadow-merge-2098865/questing/i386/a/adduser/20250606_143426_a0aa6@/log.gz
    + s390x still running
    + ppc64el still running
    + riscv64 still running

Revision history for this message
Sebastien Bacher (seb128) wrote :

Thanks! Uploaded now

review: Approve
Revision history for this message
Sebastien Bacher (seb128) wrote :

It migrated to questing now so it can be marked as merged by someone who has rights

Revision history for this message
Skia (skia) wrote :

Done, thanks for the review and sponsor!

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/AdduserCommon.pm b/AdduserCommon.pm
2index dbf3905..e71f9f7 100644
3--- a/AdduserCommon.pm
4+++ b/AdduserCommon.pm
5@@ -464,8 +464,8 @@ sub preseed_config {
6 grouphomes => "no",
7 letterhomes => "no",
8 quotauser => "",
9- dir_mode => "0700",
10- sys_dir_mode => "0755",
11+ dir_mode => "0750",
12+ sys_dir_mode => "0750",
13 setgid_home => "no",
14 no_del_paths => "^/bin\$ ^/boot\$ ^/dev\$ ^/etc\$ ^/initrd ^/lib ^/lost+found\$ ^/media\$ ^/mnt\$ ^/opt\$ ^/proc\$ ^/root\$ ^/run\$ ^/sbin\$ ^/srv\$ ^/sys\$ ^/tmp\$ ^/usr\$ ^/var\$ ^/vmlinu",
15 name_regex => def_name_regex,
16@@ -474,6 +474,7 @@ sub preseed_config {
17 skel_ignore_regex => "\.(dpkg|ucf)-(old|new|dist)\$",
18 extra_groups => "users",
19 add_extra_groups => 0,
20+ use_extrausers => 0,
21 uid_pool => "",
22 gid_pool => "",
23 reserve_uid_pool => "yes",
24diff --git a/adduser b/adduser
25index c0e8796..0f10c49 100755
26--- a/adduser
27+++ b/adduser
28@@ -112,6 +112,7 @@ my $disabled_login = 0; # leave the new account disabled?
29
30 our @configfiles;
31 our @defaults = undef;
32+our $encrypt_home = undef;
33 our $found_group_opt = undef;
34 our $found_sys_opt = undef;
35 our $ingroup_name = undef;
36@@ -126,6 +127,7 @@ our $new_uid = undef;
37 our $no_create_home = undef;
38 our $special_home = undef;
39 our $special_shell = undef;
40+our $use_extrausers = 0;
41 our $add_extra_groups;
42 our $add_extra_groups_old;
43
44@@ -168,6 +170,8 @@ GetOptions(
45 'logmsglevel=s' => \$logmsglevel,
46 'disabled-login' => sub { $disabled_login = 1; $ask_passwd = 0 },
47 'disabled-password' => sub { $ask_passwd = 0 },
48+ 'encrypt-home' => \$encrypt_home,
49+ 'extrausers' => \$use_extrausers,
50 'firstgid=i' => \$new_firstgid,
51 'firstuid=i' => \$new_firstuid,
52 'force-badname' => sub { $name_check_level = 1 unless $name_check_level },
53@@ -332,6 +336,11 @@ if ($found_group_opt) {
54 }
55 }
56
57+my $ecryptfs_setup_private;
58+if (defined($encrypt_home)) {
59+ $ecryptfs_setup_private = which('ecryptfs-setup-private');
60+}
61+
62
63 # read the uid and gid pool
64 if ($config{"uid_pool"}) {
65@@ -477,7 +486,12 @@ if ($action eq "addsysgroup") {
66
67 log_info( mtx("Adding group `%s' (GID %d) ..."), $new_name, $gid_option);
68 my $groupadd = which('groupadd');
69- my $ga_ret = systemcall_useradd($name_check_level, $groupadd, '-g', $gid_option, $new_name);
70+ my $ga_ret;
71+ if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
72+ $ga_ret = systemcall_useradd($name_check_level, $groupadd, '--extrausers', '-g', $gid_option, $new_name);
73+ } else {
74+ $ga_ret = systemcall_useradd($name_check_level, $groupadd, '-g', $gid_option, $new_name);
75+ }
76 if( $ga_ret == RET_INVALID_NAME_FROM_USERADD ) {
77 $returnvalue = RET_INVALID_NAME_FROM_USERADD;
78 }
79@@ -522,7 +536,12 @@ if ($action eq "addgroup") {
80
81 log_info( mtx("Adding group `%s' (GID %d) ..."), $new_name, $gid_option);
82 my $groupadd = which('groupadd');
83- my $ga_ret = systemcall_useradd($name_check_level, $groupadd, '-g', $gid_option, $new_name);
84+ my $ga_ret;
85+ if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
86+ $ga_ret = systemcall_useradd($name_check_level, $groupadd, '--extrausers', '-g', $gid_option, $new_name);
87+ } else {
88+ $ga_ret = systemcall_useradd($name_check_level, $groupadd, '-g', $gid_option, $new_name);
89+ }
90 if( $ga_ret == RET_INVALID_NAME_FROM_USERADD ) {
91 $returnvalue = RET_INVALID_NAME_FROM_USERADD;
92 }
93@@ -553,7 +572,11 @@ if ($action eq 'addusertogroup') {
94 log_info( mtx("Adding user `%s' to group `%s' ..."), $existing_user, $existing_group );
95
96 acquire_lock();
97- systemcall('/usr/sbin/usermod', '-a', '-G', $existing_group, $existing_user);
98+ if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
99+ systemcall('/usr/sbin/usermod', '--extrausers', '-a', '-G', $existing_group, $existing_user);
100+ } else {
101+ systemcall('/usr/sbin/usermod', '-a', '-G', $existing_group, $existing_user);
102+ }
103 release_lock();
104
105 exit( $returnvalue );
106@@ -640,7 +663,12 @@ if ($action eq "addsysuser") {
107 log_info( mtx("Adding new group `%s' (GID %d) ..."), $new_name, $gid_option );
108 $undogroup = $new_name;
109 my $groupadd = which('groupadd');
110- my $ga_ret = systemcall_useradd($name_check_level, $groupadd, '-g', $gid_option, $new_name);
111+ my $ga_ret;
112+ if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
113+ $ga_ret = systemcall_useradd($name_check_level, $groupadd, '--extrausers', '-g', $gid_option, $new_name);
114+ } else {
115+ $ga_ret = systemcall_useradd($name_check_level, $groupadd, '-g', $gid_option, $new_name);
116+ }
117 if( $ga_ret == RET_INVALID_NAME_FROM_USERADD ) {
118 $returnvalue = RET_INVALID_NAME_FROM_USERADD;
119 }
120@@ -664,16 +692,30 @@ if ($action eq "addsysuser") {
121 $undouser = $new_name;
122
123 my $useradd = which('useradd');
124- my $ua_ret = systemcall_useradd($name_check_level,
125- $useradd,
126- '-r',
127- '-K', sprintf('SYS_UID_MIN=%d', $new_firstuid || $config{'first_system_uid'}),
128- '-K', sprintf('SYS_UID_MAX=%d', $new_lastuid || $config{'last_system_uid'}),
129- '-d', $home_dir,
130- '-g', $ingroup_name,
131- '-s', $shell,
132- '-u', $new_uid,
133- $new_name);
134+ my $ua_ret;
135+ if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
136+ $ua_ret = systemcall_useradd($name_check_level,
137+ $useradd, '--extrausers',
138+ '-r',
139+ '-K', sprintf('SYS_UID_MIN=%d', $new_firstuid || $config{'first_system_uid'}),
140+ '-K', sprintf('SYS_UID_MAX=%d', $new_lastuid || $config{'last_system_uid'}),
141+ '-d', $home_dir,
142+ '-g', $ingroup_name,
143+ '-s', $shell,
144+ '-u', $new_uid,
145+ $new_name);
146+ } else {
147+ $ua_ret = systemcall_useradd($name_check_level,
148+ $useradd,
149+ '-r',
150+ '-K', sprintf('SYS_UID_MIN=%d', $new_firstuid || $config{'first_system_uid'}),
151+ '-K', sprintf('SYS_UID_MAX=%d', $new_lastuid || $config{'last_system_uid'}),
152+ '-d', $home_dir,
153+ '-g', $ingroup_name,
154+ '-s', $shell,
155+ '-u', $new_uid,
156+ $new_name);
157+ }
158 if( $ua_ret == RET_INVALID_NAME_FROM_USERADD ) {
159 $returnvalue = RET_INVALID_NAME_FROM_USERADD;
160 }
161@@ -880,10 +922,18 @@ if ($action eq "adduser") {
162 my $ret;
163 if( defined( $primary_gid ) ) {
164 log_info( mtx("Adding new group `%s' (%d) ..."), $new_name, $primary_gid);
165- $ret = systemcall_useradd($name_check_level, $groupadd, '-g', $primary_gid, $new_name);
166+ if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
167+ $ret = systemcall_useradd($name_check_level, $groupadd, '--extrausers', '-g', $primary_gid, $new_name);
168+ } else {
169+ $ret = systemcall_useradd($name_check_level, $groupadd, '-g', $primary_gid, $new_name);
170+ }
171 } else {
172 log_info( mtx("Adding new group `%s' (new group ID) ..."), $new_name);
173- $ret = systemcall_useradd($name_check_level, $groupadd, $new_name);
174+ if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
175+ $ret = systemcall_useradd($name_check_level, $groupadd, '--extrausers', $new_name);
176+ } else {
177+ $ret = systemcall_useradd($name_check_level, $groupadd, $new_name);
178+ }
179 $primary_gid = egetgrnam($new_name);
180 log_info( mtx("new group '%s' created with GID %d"), $new_name, $primary_gid );
181 }
182@@ -915,13 +965,24 @@ if ($action eq "adduser") {
183 log_debug( "creating new user %s with home_dir %s and shell %s", $new_name, $home_dir, $shell );
184 $undouser = $new_name;
185 my $useradd = which('useradd');
186- my $ret = systemcall_useradd($name_check_level,
187- $useradd,
188- '-d', $home_dir,
189- '-g', $primary_gid,
190- '-s', $shell,
191- '-u', $new_uid,
192- $new_name);
193+ my $ret;
194+ if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
195+ $ret = systemcall_useradd($name_check_level,
196+ $useradd, '--extrausers',
197+ '-d', $home_dir,
198+ '-g', $primary_gid,
199+ '-s', $shell,
200+ '-u', $new_uid,
201+ $new_name);
202+ } else {
203+ $ret = systemcall_useradd($name_check_level,
204+ $useradd,
205+ '-d', $home_dir,
206+ '-g', $primary_gid,
207+ '-s', $shell,
208+ '-u', $new_uid,
209+ $new_name);
210+ }
211 if( $ret == RET_INVALID_NAME_FROM_USERADD ) {
212 $returnvalue = RET_INVALID_NAME_FROM_USERADD;
213 }
214@@ -983,7 +1044,11 @@ if ($action eq "adduser") {
215 my $yesexpr = langinfo(YESEXPR());
216 CHFN: for (;;) {
217 my $chfn = &which('chfn');
218- systemcall($chfn, $new_name);
219+ if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
220+ systemcall($chfn, '--extrausers', $new_name);
221+ } else {
222+ systemcall($chfn, $new_name);
223+ }
224 # Translators: [y/N] has to be replaced by values defined in your
225 # locale. You can see by running "locale yesexpr" which regular
226 # expression will be checked to find positive answer.
227@@ -1018,9 +1083,15 @@ if ($action eq "adduser") {
228
229 log_info( mtx("Adding user `%s' to group `%s' ..."), $new_name, $newgrp );
230 my $gpasswd = &which('gpasswd');
231- systemcall($gpasswd, '-M',
232- join(',', get_group_members($newgrp), $new_name),
233- $newgrp);
234+ if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
235+ systemcall($gpasswd, '--extrausers', '-M',
236+ join(',', get_group_members($newgrp), $new_name),
237+ $newgrp);
238+ } else {
239+ systemcall($gpasswd, '-M',
240+ join(',', get_group_members($newgrp), $new_name),
241+ $newgrp);
242+ }
243 }
244 }
245
246@@ -1085,6 +1156,10 @@ sub create_homedir {
247 log_err( gtx("Couldn't create home directory `%s': %s."), $home_dir, $!);
248 &cleanup();
249 }
250+ if ($action eq "adduser") {
251+ # Mute the command
252+ system('sh' => ( '-c' => '"$@" >/dev/null 2>&1', '--', '/usr/sbin/zsysctl', 'userdata', 'create', $new_name, $home_dir,));
253+ }
254 if( !chown($new_uid, $primary_gid, $home_dir) ) {
255 log_err("chown %s:%s %s: %s", $new_uid, $primary_gid, $home_dir, $!);
256 &cleanup();
257@@ -1095,6 +1170,11 @@ sub create_homedir {
258 &cleanup();
259 }
260
261+ if (defined($encrypt_home)) {
262+ printf gtx("Setting up encryption ...\n") if $verbose;
263+ systemcall($ecryptfs_setup_private, '-b', '-u', $new_name);
264+ }
265+
266 if ($config{"skel"} && $copy_skeleton) {
267 log_info( mtx("Copying files from `%s' ..."), $config{skel} );
268 my $findpipe;
269@@ -1113,6 +1193,10 @@ sub create_homedir {
270 }
271 close ($findpipe);
272 }
273+
274+ if (defined($encrypt_home)) {
275+ systemcall("/bin/umount", $home_dir);
276+ }
277 }
278 }
279
280@@ -1488,7 +1572,11 @@ sub ch_comment {
281 # untaint unconditionally. our call to system() is safe, so
282 # we leave the check to usermod
283 if ($comment =~ qr/^([^\x00-\x1F\x7F:]*)$/ ) {
284- systemcall($usermod, '-c', $1, $name);
285+ if ( ($use_extrausers) || ($config{"use_extrausers"}) ) {
286+ log_fatal("Calling usermod with --extrausers is unsupported. Please raise a bug if you want to see this fixed.")
287+ } else {
288+ systemcall($usermod, '-c', $1, $name);
289+ }
290 } else {
291 log_fatal("unconditional sanitize of comment failed. This should not happen.");
292 }
293@@ -1553,38 +1641,38 @@ sub usage {
294 printf( gtx(
295 "adduser [--uid id] [--firstuid id] [--lastuid id]
296 [--gid id] [--firstgid id] [--lastgid id] [--ingroup group]
297- [--add-extra-groups] [--shell shell]
298+ [--add-extra-groups] [--encrypt-home] [--shell shell]
299 [--comment comment] [--home dir] [--no-create-home]
300 [--allow-all-names] [--allow-bad-names]
301 [--disabled-password] [--disabled-login]
302- [--conf file] [--quiet] [--verbose] [--debug]
303+ [--conf file] [--extrausers] [--quiet] [--verbose] [--debug]
304 user
305 Add a regular user
306
307 adduser --system
308 [--uid id] [--group] [--ingroup group] [--gid id]
309 [--shell shell] [--comment comment] [--home dir] [--no-create-home]
310- [--conf file] [--quiet] [--verbose] [--debug]
311+ [--conf file] [--extrausers] [--quiet] [--verbose] [--debug]
312 user
313 Add a system user
314
315 adduser --group
316 [--gid ID] [--firstgid id] [--lastgid id]
317- [--conf file] [--quiet] [--verbose] [--debug]
318+ [--conf file] [--extrausers] [--quiet] [--verbose] [--debug]
319 group
320 addgroup
321 [--gid ID] [--firstgid id] [--lastgid id]
322- [--conf file] [--quiet] [--verbose] [--debug]
323+ [--conf file] [--extrausers] [--quiet] [--verbose] [--debug]
324 group
325 Add a user group
326
327 addgroup --system
328 [--gid id]
329- [--conf file] [--quiet] [--verbose] [--debug]
330+ [--conf file] [--extrausers] [--quiet] [--verbose] [--debug]
331 group
332 Add a system group
333
334-adduser USER GROUP
335+adduser [--extrausers] USER GROUP
336 Add an existing user to an existing group\n") );
337 }
338
339@@ -1606,7 +1694,7 @@ sub get_dir_mode
340 : $config{"dir_mode"};
341
342 if(!defined($mode) || ! ($mode =~ /[0-7]{3}/ || $mode =~ /[0-7]{4}/)) {
343- $mode = ($found_sys_opt) ? "755" : "0700";
344+ $mode = ($found_sys_opt) ? "750" : "0750";
345 }
346
347 if($setgid && (length($mode) == 3 || $mode =~ /^[0-1|4-5][0-7]{3}$/)) {
348diff --git a/adduser.conf b/adduser.conf
349index ff82f9e..ab8901b 100644
350--- a/adduser.conf
351+++ b/adduser.conf
352@@ -69,12 +69,12 @@
353 #USERS_GROUP=users
354
355 # The permissions mode for home directories of non-system users.
356-# Default: DIR_MODE=0700
357-#DIR_MODE=0700
358+# Default: DIR_MODE=0750
359+#DIR_MODE=0750
360
361 # The permissions mode for home directories of system users.
362-# Default: SYS_DIR_MODE=0755
363-#SYS_DIR_MODE=0755
364+# Default: SYS_DIR_MODE=0750
365+#SYS_DIR_MODE=0750
366
367 # If set to a nonempty value, new users will have quotas copied
368 # from that user with `edquota -p QUOTAUSER newuser'
369@@ -114,3 +114,5 @@
370 # Default: ADD_EXTRA_GROUPS=0
371 #ADD_EXTRA_GROUPS=0
372
373+# use extrausers by default
374+#USE_EXTRAUSERS=1
375diff --git a/debian/changelog b/debian/changelog
376index d712e18..8f0ab49 100644
377--- a/debian/changelog
378+++ b/debian/changelog
379@@ -1,3 +1,34 @@
380+adduser (3.152ubuntu1) questing; urgency=medium
381+
382+ * Merge with Debian unstable (LP: #2111568).
383+ Note: This is the first merge done with git-ubuntu. Please upload
384+ appropriately to keep the rich history with all commits being split.
385+ Remaining changes:
386+ - Add support for encrypting home directories (MR: !87):
387+ This feature got a non-trivial refresh after some refactor upstream.
388+ + adduser: Add --encrypt-home option, which calls ecryptfs-setup-private
389+ for the hard work.
390+ + doc/adduser.8: document the --encrypt-home option
391+ + debian/control: suggest ecryptfs-utils >= 67-1
392+ + deluser: remove all of /var/lib/ecryptfs/$user with --remove-home
393+ - extrausers support for adduser and gpasswd (LP #1323732)
394+ One feature got dropped in the rebase: updating a user comment with
395+ --extrausers is now unsupported as the mechanism has changed in Debian,
396+ and usermod doesn't support --extrausers. An error is raised instead if we
397+ hit the situation.
398+ - Add support for ZFS home directories (LP #1873263)
399+ - Enable private home directories by default (LP #48734)
400+ - Set DIR_MODE=0750 and SYS_DIR_MODE=0750 in the default adduser.conf
401+ Dropped changes:
402+ - AdduserCommon.pm, adduser.conf: Change default SYS_NAME_REGEX to allow
403+ uppercase letters in the names of system users.
404+ Debian now does that by default.
405+ - Fix testsuite against newer shadow username restrictions
406+ (LP 2077862, Closes: #1077804)
407+ Debian fixed the testsuite.
408+
409+ -- Florent 'Skia' Jacquet <florent.jacquet@canonical.com> Fri, 23 May 2025 12:19:31 +0200
410+
411 adduser (3.152) unstable; urgency=medium
412
413 * only do very basic sanitization for comment.
414@@ -275,6 +306,40 @@ adduser (3.138) experimental; urgency=medium
415
416 -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 01 Nov 2024 19:19:54 +0100
417
418+adduser (3.137ubuntu2) oracular; urgency=medium
419+
420+ * Fix testsuite against newer shadow username restrictions
421+ (LP: #2077862, Closes: #1077804)
422+
423+ -- Simon Chopin <schopin@ubuntu.com> Mon, 26 Aug 2024 19:00:25 +0200
424+
425+adduser (3.137ubuntu1) mantic; urgency=medium
426+
427+ * Merge from Debian unstable (LP: #2026199). Remaining changes:
428+ - Add support for encrypting home directories (MR: !87):
429+ + adduser: Add --encrypt-home option, which calls ecryptfs-setup-private
430+ for the hard work.
431+ + doc/adduser.8: document the --encrypt-home option
432+ + debian/control: suggest ecryptfs-utils >= 67-1
433+ + deluser: remove all of /var/lib/ecryptfs/$user with --remove-home
434+ - extrausers support for adduser and gpasswd (LP: #1323732)
435+ - Add support for ZFS home directories (LP: #1873263)
436+ - Enable private home directories by default (LP: #48734)
437+ + Set DIR_MODE=0750 and SYS_DIR_MODE=0750 in the default adduser.conf
438+ - AdduserCommon.pm, adduser.conf: Change default SYS_NAME_REGEX to allow
439+ uppercase letters in the names of system users.
440+ * d/t/ecryptfs: test cases for adduser and deluser with --encrypt-home
441+ * Removed changes (superseded by Debian):
442+ - Fixed failing autopkgtests (MR: !89):
443+ + d/t/f/adduser_system.t: Smart increment of test uid to next available
444+ value.
445+ + d/t/f/firstlastuidgid.t: Smart increment of test uid and gid values to
446+ next available value.
447+ + d/t/f/firstlastuidgid.t: Changed S4L test group first and last uid
448+ values to 3xx instead of 4xx to comply with SYS_UID_MAX.
449+
450+ -- Mateus Rodrigues de Morais <mateus.morais@canonical.com> Wed, 05 Jul 2023 14:42:39 -0300
451+
452 adduser (3.137) unstable; urgency=medium
453
454 * get along without perl-modules. Closes: #1039709
455@@ -320,6 +385,32 @@ adduser (3.135) experimental; urgency=medium
456
457 -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 24 Jun 2023 15:22:08 +0200
458
459+adduser (3.134ubuntu1) mantic; urgency=medium
460+
461+ * Merge from Debian unstable (LP: #2021498). Remaining changes:
462+ - Add support for encrypting home directories (MR: !87):
463+ + adduser: Add --encrypt-home option, which calls ecryptfs-setup-private
464+ for the hard work.
465+ + doc/adduser.8: document the --encrypt-home option
466+ + debian/control: suggest ecryptfs-utils >= 67-1
467+ + deluser: remove all of /var/lib/ecryptfs/$user with --remove-home
468+ - extrausers support for adduser and gpasswd (LP: #1323732)
469+ - Add support for ZFS home directories (LP: #1873263)
470+ - Enable private home directories by default (LP: #48734)
471+ + Set DIR_MODE=0750 and SYS_DIR_MODE=0750 in the default adduser.conf
472+ - AdduserCommon.pm, adduser.conf: Change default SYS_NAME_REGEX to allow
473+ uppercase letters in the names of system users.
474+ * d/t/ecryptfs: test cases for adduser and deluser with --encrypt-home
475+ * Fixed failing autopkgtests (MR: !89):
476+ - d/t/f/adduser_system.t: Smart increment of test uid to next available
477+ value.
478+ - d/t/f/firstlastuidgid.t: Smart increment of test uid and gid values to
479+ next available value.
480+ - d/t/f/firstlastuidgid.t: Changed S4L test group first and last uid
481+ values to 3xx instead of 4xx to comply with SYS_UID_MAX.
482+
483+ -- Mateus Rodrigues de Morais <mateus.morais@canonical.com> Wed, 21 Jun 2023 16:38:18 +0200
484+
485 adduser (3.134) unstable; urgency=medium
486
487 * Revert "mark adduser as Protected:yes"
488@@ -435,6 +526,30 @@ adduser (3.130) unstable; urgency=low
489
490 -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 25 Dec 2022 17:11:31 +0100
491
492+adduser (3.129ubuntu1) lunar; urgency=medium
493+
494+ * Merge from Debian unstable (LP: #1873519, #1977710). Remaining changes:
495+ - Add support for encrypting home directories:
496+ + adduser: Add --encrypt-home option, which calls ecryptfs-setup-private
497+ for the hard work.
498+ + doc/adduser.8: document the --encrypt-home option
499+ + debian/control: suggest ecryptfs-utils >= 67-1
500+ + deluser: remove all of /var/lib/ecryptfs/$user with --remove-home
501+ - extrausers support for adduser and gpasswd (LP: #1323732)
502+ - Add support for ZFS home directories (LP: #1873263)
503+ - Enable private home directories by default (LP: #48734)
504+ + Set DIR_MODE=0750 and SYS_DIR_MODE=0750 in the default adduser.conf
505+ * Rename NAME_REGEX_SYSTEM to SYS_NAME_REGEX
506+ - AdduserCommon.pm, adduser.conf: Change default SYS_NAME_REGEX to allow
507+ uppercase letters in the names of system users.
508+ * Removed changes (superseded by Debian):
509+ - AdduserCommon.pm, adduser, adduser.8, adduser.conf.5: Allow uppercase
510+ letters in the names of system users. This is done by having a separate
511+ NAME_REGEX_SYSTEM configuration setting which applies when --system is
512+ specified.
513+
514+ -- Benjamin Drung <bdrung@ubuntu.com> Mon, 28 Nov 2022 15:34:26 +0100
515+
516 adduser (3.129) unstable; urgency=medium
517
518 * improve parameter interpretation for adduser.
519@@ -600,6 +715,30 @@ adduser (3.122) unstable; urgency=low
520
521 -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 13 Jul 2022 20:30:00 +0200
522
523+adduser (3.121ubuntu1) kinetic; urgency=medium
524+
525+ * Merge from Debian unstable. Remaining changes:
526+ - AdduserCommon.pm, adduser, adduser.8, adduser.conf.5: Allow uppercase
527+ letters in the names of system users. This is done by having a separate
528+ NAME_REGEX_SYSTEM configuration setting which applies when --system is
529+ specified. (Soren Hansen)
530+ - Add support for encrypting home directories:
531+ + adduser: Add --encrypt-home option, which calls ecryptfs-setup-private
532+ for the hard work.
533+ + doc/adduser.8: document the --encrypt-home option
534+ + debian/control: suggest ecryptfs-utils >= 67-1
535+ + deluser: remove all of /var/lib/ecryptfs/$user with --remove-home
536+ - extrausers support for adduser and gpasswd.
537+ - Add support for ZFS home directories (LP: #1873263)
538+ - Enable private home directories by default (LP: #48734)
539+ + Set DIR_MODE=0750 in the default adduser.conf
540+ + Change the description and default value to select private home
541+ directories by default in debconf template
542+ + Change the DIR_MODE when private home directories is configured via
543+ debconf from 0751 to 0750 to ensure files are truly private
544+
545+ -- Benjamin Drung <bdrung@ubuntu.com> Tue, 17 May 2022 12:26:42 +0200
546+
547 adduser (3.121) unstable; urgency=medium
548
549 * translators: The templates in this package version are fuzzed.
550@@ -693,6 +832,57 @@ adduser (3.119) unstable; urgency=medium
551
552 -- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 03 Mar 2022 11:36:10 +0100
553
554+adduser (3.118ubuntu5) hirsute; urgency=medium
555+
556+ * Enable private home directories by default (LP: #48734)
557+ - Set DIR_MODE=0750 in the default adduser.conf
558+ - Change the description and default value to select private home
559+ directories by default in debconf template
560+ - Change the DIR_MODE when private home directories is configured via
561+ debconf from 0751 to 0750 to ensure files are truly private
562+
563+ -- Alex Murray <alex.murray@canonical.com> Wed, 06 Jan 2021 16:46:50 +1030
564+
565+adduser (3.118ubuntu4) hirsute; urgency=medium
566+
567+ [ Marcus Tomlinson ]
568+ * Drop support for extrausers in deluser, not available yet.
569+
570+ -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 10 Dec 2020 16:53:10 +0000
571+
572+adduser (3.118ubuntu3) hirsute; urgency=medium
573+
574+ [ Marcus Tomlinson ]
575+ * Add support for extrausers in gpasswd
576+
577+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 02 Dec 2020 10:16:44 +0000
578+
579+adduser (3.118ubuntu2) focal; urgency=medium
580+
581+ * Add support for ZFS home directories:
582+ - Home directories are created as ZFS dataset if zsysctl is installed. If
583+ the command is not installed or fails, the user will be created as usual
584+ without a dedicated dataset (LP: #1873263)
585+
586+ -- Jean-Baptiste Lallement <jean-baptiste.lallement@ubuntu.com> Thu, 16 Apr 2020 16:12:53 +0200
587+
588+adduser (3.118ubuntu1) disco; urgency=low
589+
590+ * Merge from Debian unstable. Remaining changes:
591+ - AdduserCommon.pm, adduser, adduser.8, adduser.conf.5: Allow uppercase
592+ letters in the names of system users. This is done by having a separate
593+ NAME_REGEX_SYSTEM configuration setting which applies when --system is
594+ specified. (Soren Hansen)
595+ - Add support for encrypting home directories:
596+ + adduser: Add --encrypt-home option, which calls ecryptfs-setup-private
597+ for the hard work.
598+ + doc/adduser.8: document the --encrypt-home option
599+ + debian/control: suggest ecryptfs-utils >= 67-1
600+ + deluser: remove all of /var/lib/ecryptfs/$user with --remove-home
601+ - extrausers support for adduser.
602+
603+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 01 Feb 2019 12:01:22 -0800
604+
605 adduser (3.118) unstable; urgency=low
606
607 * Team upload
608@@ -717,6 +907,23 @@ adduser (3.118) unstable; urgency=low
609
610 -- Afif Elghraoui <afif@debian.org> Sat, 15 Sep 2018 15:12:39 -0400
611
612+adduser (3.117ubuntu1) cosmic; urgency=low
613+
614+ * Merge from Debian unstable. Remaining changes:
615+ - AdduserCommon.pm, adduser, adduser.8, adduser.conf.5: Allow uppercase
616+ letters in the names of system users. This is done by having a separate
617+ NAME_REGEX_SYSTEM configuration setting which applies when --system is
618+ specified. (Soren Hansen)
619+ - Add support for encrypting home directories:
620+ + adduser: Add --encrypt-home option, which calls ecryptfs-setup-private
621+ for the hard work.
622+ + doc/adduser.8: document the --encrypt-home option
623+ + debian/control: suggest ecryptfs-utils >= 67-1
624+ + deluser: remove all of /var/lib/ecryptfs/$user with --remove-home
625+ - extrausers support for adduser.
626+
627+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 14 May 2018 22:18:11 -0700
628+
629 adduser (3.117) unstable; urgency=medium
630
631 [ Marc Haber ]
632@@ -729,6 +936,27 @@ adduser (3.117) unstable; urgency=medium
633
634 -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 02 Feb 2018 17:42:15 +0100
635
636+adduser (3.116ubuntu1) bionic; urgency=low
637+
638+ * Merge from Debian unstable. Remaining changes:
639+ - AdduserCommon.pm, adduser, adduser.8, adduser.conf.5: Allow uppercase
640+ letters in the names of system users. This is done by having a separate
641+ NAME_REGEX_SYSTEM configuration setting which applies when --system is
642+ specified. (Soren Hansen)
643+ - Add support for encrypting home directories:
644+ + adduser: Add --encrypt-home option, which calls ecryptfs-setup-private
645+ for the hard work.
646+ + doc/adduser.8: document the --encrypt-home option
647+ + debian/control: suggest ecryptfs-utils >= 67-1
648+ + deluser: remove all of /var/lib/ecryptfs/$user with --remove-home
649+ - extrausers support for adduser.
650+ * Dropped changes, included in Debian:
651+ - Add autopkgtest.
652+ - testsuite/runsuite.sh: Add the testsuite directory to @INC, so it can
653+ find the tests.
654+
655+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 05 Dec 2017 08:57:20 -0800
656+
657 adduser (3.116) unstable; urgency=medium
658
659 * Advise installation of 'perl' rather than 'perl-modules'
660@@ -824,6 +1052,52 @@ adduser (3.114) unstable; urgency=medium
661
662 -- Niels Thykier <niels@thykier.net> Sat, 12 Mar 2016 15:53:58 +0000
663
664+adduser (3.113+nmu3ubuntu5) zesty; urgency=medium
665+
666+ * testsuite/runsuite.sh: Add the testsuite directory to @INC, so it can find
667+ the tests.
668+
669+ -- Iain Lane <iain@orangesquash.org.uk> Mon, 31 Oct 2016 14:53:46 +0000
670+
671+adduser (3.113+nmu3ubuntu4) wily; urgency=medium
672+
673+ * extrausers support for adduser (LP: #1323732)
674+
675+ -- Sergio Schvezov <sergio.schvezov@canonical.com> Fri, 26 Jun 2015 17:34:29 -0300
676+
677+adduser (3.113+nmu3ubuntu3) trusty; urgency=low
678+
679+ * Add autopkgtest. (LP: #1246331)
680+
681+ -- Jean-Baptiste Lallement <jean-baptiste.lallement@canonical.com> Wed, 30 Oct 2013 14:51:16 +0100
682+
683+adduser (3.113+nmu3ubuntu2) saucy; urgency=low
684+
685+ * Move ecryptfs-utils from recommends, to suggests. (LP: #1188108)
686+ Adduser has moved from required to minimal set, and thus started to
687+ pull ecryptfs-utils and cryptsetup into minimal installs, which is an
688+ undesired effect.
689+
690+ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Fri, 07 Jun 2013 11:24:08 +0100
691+
692+adduser (3.113+nmu3ubuntu1) raring; urgency=low
693+
694+ * Merge from Debian unstable, remaining changes:
695+ - AdduserCommon.pm, adduser, adduser.8, adduser.conf.5: Allow uppercase
696+ letters in the names of system users. This is done by having a separate
697+ NAME_REGEX_SYSTEM configuration setting which applies when --system is
698+ specified. (Soren Hansen)
699+ - Add support for encrypting home directories:
700+ + adduser: Add --encrypt-home option, which calls ecryptfs-setup-private
701+ for the hard work.
702+ + doc/adduser.8: document the --encrypt-home option
703+ + debian/control: recommend ecryptfs-utils >= 67-1
704+ + deluser: remove all of /var/lib/ecryptfs/$user with --remove-home
705+ * Dropped changes, included in Debian:
706+ - Mark adduser Multi-Arch: foreign.
707+
708+ -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 24 Oct 2012 17:07:33 -0700
709+
710 adduser (3.113+nmu3) unstable; urgency=low
711
712 * Non-maintainer upload.
713@@ -841,6 +1115,23 @@ adduser (3.113+nmu2) unstable; urgency=low
714
715 -- Bastian Blank <waldi@debian.org> Mon, 14 May 2012 13:47:27 +0000
716
717+adduser (3.113+nmu1ubuntu1) quantal; urgency=low
718+
719+ * Merge from Debian unstable, remaining changes:
720+ - AdduserCommon.pm, adduser, adduser.8, adduser.conf.5: Allow uppercase
721+ letters in the names of system users. This is done by having a separate
722+ NAME_REGEX_SYSTEM configuration setting which applies when --system is
723+ specified. (Soren Hansen)
724+ - Add support for encrypting home directories:
725+ + adduser: Add --encrypt-home option, which calls ecryptfs-setup-private
726+ for the hard work.
727+ + doc/adduser.8: document the --encrypt-home option
728+ + debian/control: recommend ecryptfs-utils >= 67-1
729+ + deluser: remove all of /var/lib/ecryptfs/$user with --remove-home
730+ - Mark adduser Multi-Arch: foreign.
731+
732+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 30 Apr 2012 22:52:15 -0700
733+
734 adduser (3.113+nmu1) unstable; urgency=low
735
736 * Non-maintainer upload.
737@@ -854,6 +1145,34 @@ adduser (3.113+nmu1) unstable; urgency=low
738
739 -- Christian Perrier <bubulle@debian.org> Sat, 21 Jan 2012 09:00:03 +0100
740
741+adduser (3.113ubuntu2) precise; urgency=low
742+
743+ * Fix a typo in the usage info for NAME_REGEX_SYSTEM.
744+
745+ -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 19 Oct 2011 14:52:33 -0700
746+
747+adduser (3.113ubuntu1) precise; urgency=low
748+
749+ * Merge from Debian testing, cleaning up a mess of missing translations
750+ due to previous .po file mismerging.
751+ * Remaining changes:
752+ - AdduserCommon.pm, adduser, adduser.8, adduser.conf.5: Allow uppercase
753+ letters in the names of system users. This is done by having a separate
754+ NAME_REGEX_SYSTEM configuration setting which applies when --system is
755+ specified. (Soren Hansen)
756+ - Add support for encrypting home directories:
757+ + adduser: Add --encrypt-home option, which calls ecryptfs-setup-private
758+ for the hard work.
759+ + doc/adduser.8: document the --encrypt-home option
760+ + debian/control: recommend ecryptfs-utils >= 67-1
761+ + deluser: remove all of /var/lib/ecryptfs/$user with --remove-home
762+ * Dropped changes, included in Debian:
763+ - deluser: added missing linebreak at line 338
764+ - deluser: Remove symlinks to directories with rm, not rmdir
765+ * Mark adduser Multi-Arch: foreign.
766+
767+ -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 19 Oct 2011 14:34:19 -0700
768+
769 adduser (3.113) unstable; urgency=low
770
771 * Warning to STDERR (closes: #561864)
772@@ -910,6 +1229,51 @@ adduser (3.112+nmu2) unstable; urgency=low
773
774 -- David Prévot <david@tilapin.org> Sun, 21 Nov 2010 17:13:00 -0400
775
776+adduser (3.112+nmu1ubuntu5) natty; urgency=low
777+
778+ * debian/control: fix an often-duplicated bug, which causes apt to try
779+ and remove ecryptfs-utils, even though it is in use; have adduser
780+ recommend, rather than suggest ecryptfs-utils, LP: #653628
781+
782+ -- Dustin Kirkland <kirkland@ubuntu.com> Wed, 09 Mar 2011 11:16:13 +0000
783+
784+adduser (3.112+nmu1ubuntu4) natty; urgency=low
785+
786+ * And fix a typo in the last patch.
787+
788+ -- Matthias Klose <doko@ubuntu.com> Thu, 06 Jan 2011 22:05:54 +0100
789+
790+adduser (3.112+nmu1ubuntu3) natty; urgency=low
791+
792+ * deluser: Remove symlinks to directories with rm, not rmdir (Jim Cheetham).
793+ LP: #34299.
794+
795+ -- Matthias Klose <doko@ubuntu.com> Thu, 06 Jan 2011 21:48:21 +0100
796+
797+adduser (3.112+nmu1ubuntu2) natty; urgency=low
798+
799+ * deluser: added missing linebreak at line 338 (LP: #613204)
800+ thanks to knopwob@googlemail.com and Mohamed Amine IL Idrissi for the
801+ patch
802+
803+ -- Oliver Grawert <ogra@ubuntu.com> Tue, 23 Nov 2010 12:40:28 +0100
804+
805+adduser (3.112+nmu1ubuntu1) natty; urgency=low
806+
807+ * Merge with Debian unstable. Remaining Ubuntu changes:
808+ - AdduserCommon.pm, adduser, adduser.8, adduser.conf.5: Allow uppercase
809+ letters in the names of system users. This is done by having a separate
810+ NAME_REGEX_SYSTEM configuration setting which applies when --system is
811+ specified. (Soren Hansen)
812+ - Add support for encrypting home directories:
813+ + adduser: Add --encrypt-home option, which calls ecryptfs-setup-private
814+ for the hard work.
815+ + doc/adduser.8: document the --encrypt-home option
816+ + debian/control: suggest ecryptfs-utils >= 67-1
817+ + deluser: remove all of /var/lib/ecryptfs/$user with --remove-home
818+
819+ -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 12 Oct 2010 15:47:22 +0200
820+
821 adduser (3.112+nmu1) unstable; urgency=low
822
823 * Non-maintainer upload.
824diff --git a/debian/control b/debian/control
825index 8d6c306..063492e 100644
826--- a/debian/control
827+++ b/debian/control
828@@ -1,7 +1,8 @@
829 Source: adduser
830 Section: admin
831 Priority: important
832-Maintainer: Debian Adduser Developers <adduser@packages.debian.org>
833+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
834+XSBC-Original-Maintainer: Debian Adduser Developers <adduser@packages.debian.org>
835 Uploaders: Marc Haber <mh+debian-packages@zugschlus.de>
836 Standards-Version: 4.7.2
837 Build-Depends: debhelper-compat (= 13), po4a
838@@ -15,7 +16,7 @@ Architecture: all
839 Multi-Arch: foreign
840 Pre-Depends: ${misc:Pre-Depends}
841 Depends: passwd (>= 1:4.17.2-5), ${misc:Depends}
842-Suggests: liblocale-gettext-perl, perl, cron, quota
843+Suggests: liblocale-gettext-perl, perl, cron, quota, ecryptfs-utils (>= 67-1)
844 Description: add and remove users and groups
845 This package includes the 'adduser' and 'deluser' commands for creating
846 and removing users.
847diff --git a/debian/preinst b/debian/preinst
848index 174f298..9e43355 100755
849--- a/debian/preinst
850+++ b/debian/preinst
851@@ -30,6 +30,8 @@ create_adduser_conf() {
852 ab6adcf4067d7d50ef45cc93ca3a8c54b7ab3e7748420434ad846e8d6e6c34d2ae10d576029d3e1e501f7a743951aed3876c8f3d0e03a918410fa3c9d82460e2 \
853 b26329cba15b817a79d19c542c49a3e34b7535ffbd60057df7aca2b7027a1ad8db0cdecfd5c00c40d60f50e8b7e2e1675d8401696cf8933a5530e31e430a6675 \
854 a91cdf6bf59602a7c7dbb745bca1b4d374035026dd89aa62eb9edea8ffcdff4a764a2274770de81687291d57cf9fbc0f0eb495451460c2b44229cebcecd9d870 \
855+ 9276d943d595d49f28f391688ab1973b2235a90dcf42cd383ee7a0e7b819fd8c232ec9d7e5da0c2b8a822a8d8f0eba230e88acde34015a4881ca2499b7809cb4 \
856+ b9eb41be93cf85fba8f716d4683e6171b39a068b61a4fe4bfb5b1be93400000e8fb24b151ecaf4a88487802c24ac7aec72100fa6fd1926fa49fed9862d45deee \
857 d8502b9daf3a3a486ca563a15f2bb03a25eb9247d201d15a4640088626c660a03416b62217f59c37aa94050317243b8979fd46d99e081f555eb7f8adf325a7f8"
858 else
859 # old version already has adduser.conf as a dpkg-conffile, nothing to do.
860@@ -48,16 +50,16 @@ create_adduser_conf() {
861 printf "cannot move unchanged adduser.conf to adduser.conf.update-old. You can continue after answering the dpkg configuration file question.\n"
862 else
863 DIR_MODE="$(< /etc/adduser.conf sed -n '/^\(DIR_MODE=\)/{s///;p;q;}')"
864- DIR_MODE="${DIR_MODE:-0700}"
865- if [ "$DIR_MODE" != "0700" ] && [ "$DIR_MODE" != "0755" ]; then
866+ DIR_MODE="${DIR_MODE:-0750}"
867+ if [ "$DIR_MODE" != "0750" ] && [ "$DIR_MODE" != "0755" ]; then
868 # We reach this point of control if the local file is identical to what
869- # we have shipped AND DIR_MODE is neither set to 0700 and 0755. This must
870+ # we have shipped AND DIR_MODE is neither set to 0750 and 0755. This must
871 # be a local change, therefore a dpkg prompt is expected.
872- printf "DIR_MODE default has changed from %s to 0700. You can continue after answering the dpkg configuration file question.\n" "${DIR_MODE}"
873+ printf "DIR_MODE default has changed from %s to 0750. You can continue after answering the dpkg configuration file question.\n" "${DIR_MODE}"
874 else
875 # We reach this point of control if the local file is identical to what
876- # we have shipped AND DIR_MODE is either set to 0700 or 0755. If it is
877- # 0700, then our change is already what the user has configured before
878+ # we have shipped AND DIR_MODE is either set to 0750 or 0755. If it is
879+ # 0750, then our change is already what the user has configured before
880 # (no prompt needed). If it is 0755, the user never changed the default,
881 # hence we are policy compliant to overwrite our unchanged default with
882 # the new one (no prompt needed as well).
883diff --git a/debian/tests/control b/debian/tests/control
884index 9e680e7..bda1887 100644
885--- a/debian/tests/control
886+++ b/debian/tests/control
887@@ -3,6 +3,10 @@ Depends: adduser, cron, perl, login
888 Restrictions: needs-root
889 Features: test-name=package-test-suite
890
891+Test-Command: /usr/bin/prove -v debian/tests/ecryptfs
892+Depends: cron, ecryptfs-utils, kmod, perl
893+Restrictions: allow-stderr isolation-machine needs-root
894+
895 Test-Command: cd testsuite/ && ./runsuite.sh
896 Depends: adduser, cron, perl, login
897 Restrictions: allow-stderr breaks-testbed needs-root
898diff --git a/debian/tests/ecryptfs/encrypt_home.t b/debian/tests/ecryptfs/encrypt_home.t
899new file mode 100755
900index 0000000..7b560c5
901--- /dev/null
902+++ b/debian/tests/ecryptfs/encrypt_home.t
903@@ -0,0 +1,31 @@
904+#! /usr/bin/perl -Idebian/tests/lib
905+
906+use diagnostics;
907+use strict;
908+use warnings;
909+
910+use AdduserTestsCommon;
911+
912+# enable ecryptfs kernel module
913+system('/sbin/modprobe', 'ecryptfs');
914+
915+my $test_user="foocrypt";
916+
917+assert_user_does_not_exist($test_user);
918+
919+assert_command_success('/usr/sbin/adduser', '--encrypt-home', '--disabled-password', '--comment', '""', $test_user);
920+
921+assert_user_exists($test_user);
922+assert_group_exists($test_user);
923+assert_group_membership_exists($test_user, $test_user);
924+
925+# test for ecryptfs files stored in $HOME
926+assert_path_exists("/home/$test_user/.ecryptfs");
927+assert_path_exists("/home/$test_user/.Private");
928+# and not stored in $HOME
929+assert_path_exists("/home/.ecryptfs/$test_user");
930+
931+assert_command_success('/usr/sbin/deluser', '--remove-home', $test_user);
932+assert_user_does_not_exist($test_user);
933+assert_path_does_not_exist("/home/$test_user");
934+assert_path_does_not_exist("/home/.ecryptfs/$test_user");
935diff --git a/debian/tests/f/homedir_modes.t b/debian/tests/f/homedir_modes.t
936index c7daa66..134e709 100755
937--- a/debian/tests/f/homedir_modes.t
938+++ b/debian/tests/f/homedir_modes.t
939@@ -16,7 +16,7 @@ my @modes = ("750","2751","3333","55555","8888","wtF??");
940
941 my $user = $user_prefix . "default";
942 my $home = "/home/$user";
943-my $mode = "755";
944+my $mode = "750";
945
946 assert_user_does_not_exist($user);
947 assert_path_does_not_exist($home);
948@@ -51,7 +51,7 @@ foreach (@modes) {
949 if (mode_is_valid($mode)) {
950 assert_path_has_mode($home, $mode);
951 } else {
952- my $def_mode = "755";
953+ my $def_mode = "750";
954 assert_path_has_mode($home, $def_mode, $mode);
955 }
956 remove_tree($home);
957diff --git a/deluser b/deluser
958index 2673f22..c823acb 100755
959--- a/deluser
960+++ b/deluser
961@@ -344,8 +344,26 @@ if($action eq "deluser") {
962 if(-d $name);
963 } # sub home_match
964
965+ # collect ecryptfs config files not stored in $HOME
966+ sub ecryptfs_match {
967+ my $name = sanitize_string( $File::Find::name, pathre );
968+ if ( $name !~ m[^/var/lib/ecryptfs/\Q$user] && $name !~ m[^/home/\.ecryptfs/\Q$user]) {
969+ $File::Find::prune=1;
970+ return;
971+ }
972+ push(@files, $name)
973+ if(-f $name || -l $name);
974+ push(@dirs, $name)
975+ if(-d $name);
976+ } # sub ecryptfs_match
977+
978 File::Find::find({wanted => \&home_match, untaint => 1, no_chdir => 1}, $pw_homedir)
979 if(-d "$pw_homedir");
980+ if(-d "/var/lib/ecryptfs/$user") {
981+ File::Find::find({wanted => \&ecryptfs_match, untaint => 1, no_chdir => 1}, "/var/lib/ecryptfs/$user");
982+ } elsif (-d "/home/.ecryptfs/$user") {
983+ File::Find::find({wanted => \&ecryptfs_match, untaint => 1, no_chdir => 1}, "/home/.ecryptfs/$user");
984+ }
985 push(@files, "/var/mail/$user")
986 if(-e "/var/mail/$user");
987 }
988diff --git a/doc/adduser.8 b/doc/adduser.8
989index 52d22e3..e19a589 100644
990--- a/doc/adduser.8
991+++ b/doc/adduser.8
992@@ -26,6 +26,7 @@ adduser, addgroup \- add or manipulate users or groups
993 .OP \-\-debug
994 .OP \-\-disabled\-login
995 .OP \-\-disabled\-password
996+.OP \-\-encrypt\-home
997 .OP \-\-firstgid id
998 .OP \-\-firstuid id
999 .OP \-\-gid id
1000@@ -214,6 +215,11 @@ might be pre-determined with the \fBUID_POOL\fP and \fBGID_POOL\fP option,
1001 documented in
1002 .BR adduser.conf (5).
1003
1004+To set up an encrypted home directory for the new user, add the
1005+.B \-\-encrypt\-home
1006+option. For more information, refer to the \-b option of
1007+.B ecryptfs-setup-private(1).
1008+
1009 .SS "Add a system user"
1010 If called with one non-option argument and the \fB\-\-system\fP option,
1011 \fBadduser\fP will add a
1012@@ -380,7 +386,10 @@ These are the deprecated forms of \fB\-\-allow\-bad\-names\fR.
1013 They will be removed
1014 during the release cycle of Debian 13.
1015 .TP
1016-.BI \-\-gid " GID"
1017+.B \-\-extrausers
1018+Uses extra users as the database.
1019+.TP
1020+.BI \-\-gid " GID "
1021 When creating a group,
1022 this option sets the group ID number of the new group to \fIGID\fP.
1023 When creating a user,

Subscribers

People subscribed via source and target branches

to all changes: