I am running Solaris 10 on SUN Hardware (SPARC).

I just used useradd to add a user to the system. It created the account and home directory and all, but it also did FAR more to my system than it should have. Here is the command that I used (owner, group, directory all changed to protect the inocent).

So, I am setting up the users $HOME on a NAS (don't know if it has any bearing or not). The command was running for quite sometime (which is unusual), and then it started to spit out a couple of errors. It can't change the owner/group on some directory or file.

When I went and checked, based on what I was seeing, it had appeared to start running something like

As we all know, this can not be good. Luckily, it started with some of our data disks. It managed to change /nas, /var, /export, and two of our data drives (mainly Oracle database files). So, I changed all of that back, and was thankful that it hadn't hit anything vital like /usr or /bin.

Has anyone seen anything like this ever before? I know that useradd should not have this "functionality", and just really want to understand what might be going on.

If I saw something like that my first thought would be that I'd accidentally put a space after "/" in my command line OR that there was a hidden character (e.g. a Ctrl-H for backspace) that was making it look like there was a space.

Also are you sure the useradd spawned the chown you saw? That is to say was the ppid of the chown the pid of the useradd? Is the tty for the chown command the same as the tty you were logged in on when you ran useradd? It may be something coincidental that did the chown and you only think it was useradd because you didn't see it until checking after you ran useradd.

That was my first thought as well, and I went back to check the command. There is no visible space after the /. And as often as I type /nas/, I don't believe that I would have ended up with a hidden backspace. I've been around long enough to know that if you are typing and things start to go screwy while you are typing, you are better off to ^C and start over than to continue and hope for the best.

I was the only user on the system when it happened. I didn't check to see if a chown had been been kicked off as I was more worried about stopping what was happening from happening (on a production box) than to nose about and see if what I thought was happening was happening. I saw it was trying to change owners on an NFS share (which was denied as it was on a separate box), and I killed the useradd with ^C.

I was just hoping that someone else knew what was happening here. I realize that without running the command again and watching to see what happens, I probably won't figure it out. We have another box that is due to be re-installed. Maybe I'll try it there for giggles to see what happens.

Solaris useradd doesn't do a but and only when done, Either you aren't using the regular useradd or you somewhat passed "/" as user home directory.

Ok. I went back to one of our other servers that is due for re-installation, and found that if I create the user locally (/home/joebob), it worked as I would have expected. It created the directory, set the owner and group, copied everything out of /etc/default/skeleton ... Just what you would think.

When I went to create joebob2 with his home on the /nas, I got the something that I did yesterday. It created the home (/nas/joebob), changed the owner/group, copied everything out of /etc/default/skeleton, and then, starting with the /nas, it started to change everythings owner/group to joebob/group. So ... what is it about my /nas that screws it up? Is it screwing up because it is a non-local directory that I have chosen for $HOME? Is it for some reason not getting a good answer from some command and defaulting to / for the find commands that jilliagre mentioned?

I realize that the answer is that I have fat-fingered something and just had / as the home. But, I was very careful this time to make sure that I put the proper $HOME. And I only typed it all once. The second time I just reused the previous command, and changed the $HOME and username. It is still possible that it was fat fingered, but I was VERY careful this time.

Oh, and it is /usr/sbin/useradd that was being used, so it should be a good copy of useradd.

You can run and see what happens.