pw: do not removed home directories if not owned

When deleting a user, if its home directory does not belong to it, it should
not be removed. This is the promise that the manpage makes, the tool should
ensure that it respects that promise.

Add a regression test about it

PR:		244967
Submitted by:	Eric Hanneken <eric@erichanneken.com>
MFC after:	3 days

diff --git a/pw/rm_r.c b/pw/rm_r.c
index 940266d81679af42a945e9c26b82a60cb43dc576..66298a248f19d1c01ee2ce8e78f259c3985c53f8 100644 (file)
--- a/pw/rm_r.c
+++ b/pw/rm_r.c
@@ -71,5 +71,8 @@ rm_r(int rootfd, const char *path, uid_t uid)
        closedir(d);
        if (fstatat(rootfd, path, &st, AT_SYMLINK_NOFOLLOW) != 0)
                return;
-       unlinkat(rootfd, path, S_ISDIR(st.st_mode) ? AT_REMOVEDIR : 0);
+       if (S_ISLNK(st.st_mode))
+               unlinkat(rootfd, path, 0);
+       else if (st.st_uid == uid)
+               unlinkat(rootfd, path, AT_REMOVEDIR);
 }