Check if the Apt::Sandbox::User exists in CheckDropPrivsMustBeDisabled()

If it does not exist disabled priv dropping as there is nothing
we can drop to. This will unblock people with special chroots
or systems that deleted the "_apt" user.

Closes: #806406

diff --git a/apt-pkg/acquire.cc b/apt-pkg/acquire.cc
index a86bcef1aba1c8dde630014d337a99cf8234b3b6..b229a61b62297739accc7c8786b5a2af7576905b 100644 (file)
--- a/apt-pkg/acquire.cc
+++ b/apt-pkg/acquire.cc
@@ -507,7 +507,11 @@ static void CheckDropPrivsMustBeDisabled(pkgAcquire const &Fetcher)
 
    struct passwd const * const pw = getpwnam(SandboxUser.c_str());
    if (pw == NULL)
+   {
+      _error->Warning(_("No sandbox user '%s' on the system, can not drop privileges"), SandboxUser.c_str());
+      _config->Set("APT::Sandbox::User", "");
       return;
+   }
 
    gid_t const old_euid = geteuid();
    gid_t const old_egid = getegid();