
I'm trying to create a system user in Debian, with no home directory, for use with getmail.

Even though I did:

adduser --system --group --no-create-home getmail

The entry in /etc/passwd is:

getmail:x:122:156::/home/getmail:/usr/sbin/nologin

even though the /home/getmail directory is never created. Why mention a directory that was never created? I was expecting to see the placeholder /nonexistent there, which appears in several entries in /etc/passwd.

Why is the /home/getmail entry made, and if I want the /nonexistent entry instead, do I have to state it explicitly?

Faheem Mitha

1 Answer

/nonexistent is mandated by Policy, but that’s only relevant for packages in Debian. Lintian (the Debian QA tool) checks for invocations of adduser --system without --home (see #730456 and the maintainer-script-lacks-home-in-adduser tag).

Whether adduser --system should default to /nonexistent is the matter of some debate, but there doesn’t seem to have been much discussion in the last decade.

Why is the /home/getmail entry made, and if I want the /nonexistent entry instead, do I have to state it explicitly?

The answer to the former appears to be “for historical reasons”, and the answer to the latter is yes,

adduser --system --no-create-home --home /nonexistent ...
Stephen Kitt
  • Thank you for the fast reply, though the current default behavior is... untidy, at best. It should be changed, IMO. – Faheem Mitha Feb 09 '22 at 10:35
  • It probably should; the only remaining concern is the effect such a change would have on any local administration scripts. – Stephen Kitt Feb 09 '22 at 10:44
  • Use case: I have a directory /home/someone restored from a backup and I want to (re)create a user account to use it. What would you suggest in this situation, @FaheemMitha? – Chris Davies Feb 09 '22 at 10:49
  • @roaima Is that relevant? If so, please elaborate. – Faheem Mitha Feb 09 '22 at 10:52
  • @roaima presumably that wouldn’t be a system account, would it? – Stephen Kitt Feb 09 '22 at 10:56
  • In the specific case, no, but I'm failing to see the significant difference here between a system account and a user account. I'm trying to understand why the existing behaviour is any more wrong than an alternative. We could, if you prefer, consider the "dovecot" system account and a restored mail spool – Chris Davies Feb 09 '22 at 12:38
  • @roaima the difference I see is that for a user account you generally want a /home/foo directory, and the default provided by adduser is fine for most users (and adduser.conf provides configuration to cover some other scenarios). For a system account you either don’t want a home directory, or you want to specify it and it’s not a directory under /home. Even for scenarios such as the Dovecot mail spool, dovecot’s home directory isn’t the spool so it doesn’t matter much, but I don’t think you’d ever want /home/dovecot. – Stephen Kitt Feb 09 '22 at 14:08
  • The concern here is that adduser does the right thing by default in most cases for user accounts, but adduser --system has a default which is never useful. – Stephen Kitt Feb 09 '22 at 14:10
  • @StephenKitt A related question. Given that the /etc/passwd entry has a home entry that doesn't exist, is it safe to replace /home/getmail (in my case) with /nonexistent by directly editing the /etc/passwd file? I could delete and recreate the user, but I'm wary of complications (like if adduser doesn't recreate the user and group with the same ids) and if I can directly edit, that seems like the simplest option. Thanks in advance. – Faheem Mitha Feb 10 '22 at 09:18
  • @FaheemMitha yes, that is safe. – Stephen Kitt Feb 10 '22 at 09:26
  • @StephenKitt Thank you for the confirmation. – Faheem Mitha Feb 10 '22 at 09:46
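
An audit for the situation discussed above, as an added example that is not part of the original question, answer or comments: it lists system accounts whose home field names a directory that does not exist and is not the /nonexistent placeholder. The function names, the SYS_UID_MAX variable and the 999 UID cut-off are assumptions of this example, and the sample passwd lines other than the getmail one are constructed.

```shell
#!/bin/sh
# Added example: report system accounts whose passwd home field names a
# directory that does not exist and is not the /nonexistent placeholder.

# Assumption: system UIDs are <= 999 (override with SYS_UID_MAX).
audit_system_homes() {
    passwd_file=${1:-/etc/passwd}
    root=${2:-}    # optional prefix, so a sandbox tree can stand in for /
    max_uid=${SYS_UID_MAX:-999}
    while IFS=: read -r name pw uid gid gecos home shell; do
        case $uid in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        [ "$uid" -le "$max_uid" ] || continue        # regular users are out of scope
        [ "$home" = /nonexistent ] && continue       # deliberate placeholder
        if [ ! -d "$root$home" ]; then
            printf '%s uid=%s home=%s missing\n' "$name" "$uid" "$home"
        fi
    done < "$passwd_file"
}

# Constructed sample: the getmail line is the one from the question; the
# other entries are made up for contrast.
run_constructed_sample() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/root" "$tmp/home/alice"
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
getmail:x:122:156::/home/getmail:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    audit_system_homes "$tmp/passwd" "$tmp"
    rm -rf "$tmp"
}

# On a real host: audit_system_homes /etc/passwd
```

For an account it reports, the home field can be set at creation with `--home /nonexistent` as in the answer, or changed afterwards with `usermod --home /nonexistent NAME`.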