deluser: check if specified home is a directory before removing it

On Alpine, some users use /dev/null as a home directory. When removing
such a user with `deluser --remove-home` this causes the /dev/null
device file to be removed which is undesirable. To prevent this pitfall,
check if the home directory specified for the user is an actual
directory (or a symlink to a directory).

Implementations of similar tools for other operating systems also
implement such checks. For instance, the OpenBSD rmuser(1)
implementation [0].

[0]: https://github.com/openbsd/src/blob/b69faa6c70c5bfcfdddc6138cd8e0ee18cc15b03/usr.sbin/adduser/rmuser.perl#L143-L151

function                                             old     new   delta
deluser_main                                         337     380     +43

Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

1 files changed, 8 insertions, 2 deletions

diff --git a/loginutils/deluser.c b/loginutils/deluser.c
index 56bc7eaa6..8e7df737c 100644
--- a/loginutils/deluser.c
+++ b/loginutils/deluser.c
@@ -99,8 +99,14 @@ int deluser_main(int argc, char **argv)
                         pfile = bb_path_passwd_file;
                         if (ENABLE_FEATURE_SHADOWPASSWDS)
                                 sfile = bb_path_shadow_file;
-                        if (opt_delhome)
-                                remove_file(pw->pw_dir, FILEUTILS_RECUR);
+                        if (opt_delhome) {
+                                struct stat st;
+
+                                /* Make sure home is an actual directory before
+                                 * removing it (e.g. users with /dev/null as home) */
+                                if (stat(pw->pw_dir, &st) == 0 && S_ISDIR(st.st_mode))
+                                        remove_file(pw->pw_dir, FILEUTILS_RECUR);
+                        }
                 } else {
                         struct group *gr;
  do_delgroup: