On Mon, May 20, 2013 at 5:51 PM, Sandro Mani <manisandro@xxxxxxxxx> wrote:
I've just hit a bug which causes $HOME to be owned by root if a mountpoint is created inside $HOME during install, see [1].
Ouch. Recent libuser versions refuse to do anything about a home directory (... which should cause the whole "create user" process to fail) if $HOME already exists - and this is necessary for security reasons.
I'd much rather prohibit this case - if you want to set up a mountpoint within $HOME, create the user first. It would admittedly be a really ugly policy, however I think it's still better than the security risk.
Mirek
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
