The bug is the lack of documentation and that a simple unguarded command can erase all user’s data on the system.
Also, the principle of least surprise would like a word.
If I look at the command line arguments of a program called “systemd-tmpfiles” and one of them is called “purge” I will generally assume that option will purge temporary files.
Now it turns out that someone decided that this program would be a simple way to do something with /home directories(*) so they included /home in the config file for the program, the file that the program reads by default when it is invoked.
Who decided it would be a good idea for it to deal with /home?
(*)I have no idea what this program is doing with /home in its config file. I will presume that there is a useful and mostly logical reason for it, and that this command line option was just an unfortunate footgun for those users who were not intimately familiar with systemd.
The bug is the lack of documentation and that a simple unguarded command can erase all user’s data on the system.
Also, the principle of least surprise would like a word.
If I look at the command line arguments of a program called “systemd-tmpfiles” and one of them is called “purge” I will generally assume that option will purge temporary files.
Now it turns out that someone decided that this program would be a simple way to do something with /home directories(*) so they included /home in the config file for the program, the file that the program reads by default when it is invoked.
Who decided it would be a good idea for it to deal with /home?
Wellllll…
https://github.com/systemd/systemd/blob/main/tmpfiles.d/home.conf
(*)I have no idea what this program is doing with /home in its config file. I will presume that there is a useful and mostly logical reason for it, and that this command line option was just an unfortunate footgun for those users who were not intimately familiar with systemd.