Missing dot files in home folder after fresh install

Thanks for the hint fix @oxwrongagain

I have a habit of saving the output (to update.txt) from my “zypper -vvvv up” that I run every now and then.
… so I opened the file up and searched for “shadow” - sure enough, it was included in the previous dup I ran recently, with 87 updates.

It is not a fix it is workaround.

To fix it someone needs to finally open bug report.

1 Like

Hello @arvidjaar ,

I agree, “workaround” is probably a better choice of words, as nothing has been fixed yet.

Nonetheless:

https://bugzilla.opensuse.org/show_bug.cgi?id=1228770

Okay, Houston … we’ve had a problem here.

Here on Leap 15.6 and KDE –

  • From YaST add a new user – a Test User.
    The new user’s directory is empty.
 # l /home/Test-Benutzer/
insgesamt 8
drwxr-xr-t  5 test-user test-user   51  2. Aug 14:59 ./
drwxr-xr-x  8 root      root       301 15. Mär 2022  ../
drwxr-xr-x 18 test001   test-user 4096 29. Jun 17:08 test001/
drwxr-xr-x 16 test002   test-user 4096 27. Feb 14:25 test002/
drwxr-xr-x  2 test003   test-user    6  2. Aug 14:57 test003/
 # l /home/Test-Benutzer/test003/
insgesamt 0
drwxr-xr-x 2 test003   test-user  6  2. Aug 14:57 ./
drwxr-xr-t 5 test-user test-user 51  2. Aug 14:59 ../
 #

Haven’t tried “adduser” & Co. but, YaST running under KDE Plasma definitely has an issue here – I didn’t activate the “empty home directory” option during the YaST add user procedure.


A Bug Report is needed.

See the post before yours.

This downgrade will restore correct behavior for adding new users.

And lose CVE fix in the new version.

Seriously, it is tempest in a teapot. Sure, it is defect that has to be fixed. But what exactly does not work because of this? You lose some templates copied to your home directory? If you need to edit these files,. you are supposed to know what you are doing and what content should be. You do not need existing dummies for this.

Besides, how often do you create new users?

1 Like

That was the same fix for Jia Tan’s “contribution” for the XZ Utils. (I was using TW at the time, so had to go thru that turmoil).

I read your bug submission, then I followed the link in Michael Vetter’s Comment. Read all comments and followed all the subsequent links.

All of this relates to a security risk fix. Let’s hope it’s not another Jia Tan at work.

Hello @arvidjaar ,

Yes! The CVE fix will be lost. I had NO idea what the CVE fix fixed until a few minutes ago. I am simply letting folks know how to restore previous behavior should they need/want it.

I also agree that the loss of “some templates” is TRIVIAL! If needed, they can be manually copied.

And the reason I had not bothered to see what the fix fixes? The only time I EVER create a new user is to test something that might mess up the home directory of the user testing, that is to say I almost never create new users.

As for the temporary loss of the security fix:

Like most security patches, it closes a hypothetical hole rather than addressing an imminent threat. The CVE is designated as low priority by the folk working on it.

Hi @myswtest ,

I have no clue what you mean by “Jia Tan’s contribution” or the subsequent “turmoil”.

But I am all for avoiding turmoil :smile: !

So, it works on TW - I wonder what version of shadow it uses. Did this issue get fixed for TW [only] ?

Hi @aggie ,

Tumbleweed uses shadow 4.16.0-2.1. I don’t know whether the security issue addressed by “4.8.1-150600.17.3.1” applies to the newer version of shadow or not.

You never heard of it @oxwrongagain ? It was a stressful event. Google it :slight_smile:

If you’re bored, here’s one thread over in the TW forum - some of us showed possibly vulnerable (one reason I quit using TW):

This is one of my posts in there, showing the timeline of vulnerability:

WOW!

I really do live under a rock!

Found a nice little article on wired:

I don’t think the CVE for shadow referenced in this thread is for anything like that … designated as low priority by the folks working it.

Recently, I have been looking for reasons to be less concerned about security. My efforts have only led me to higher levels of paranoia :slight_smile: .

1 Like

Fixed in shadow-4.8.1-150600.17.6.1

From zypper:

S  | Name   | Type       | Version             | Arch   | Repository
---+--------+------------+---------------------+--------+------------------
i+ | shadow | package    | 4.8.1-150600.17.6.1 | x86_64 | update-sle (15.6)
   | shadow | srcpackage | 4.8.1-150600.17.6.1 | noarch | update-sle (15.6)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.