1 |
On 01/28/2017 09:22 PM, Rich Freeman wrote: |
2 |
>> |
3 |
>> Here's a problem I have no solution for. Suppose we tell everyone to |
4 |
>> pick a fixed UID for their user packages. I have a randomly assigned |
5 |
>> "tcpdump" user as UID 102 on my machine today. If we roll this out next |
6 |
>> week and the tcpdump maintainer chooses UID=321 as his fixed UID, what |
7 |
>> happens when I go to install sys-user/tcpdump? Every option is bad: |
8 |
>> |
9 |
>> * Keep the existing user. Now its UID is wrong. You might say "so |
10 |
>> what," but the majority of users on the majority of systems are |
11 |
>> going to have this problem, so you have to wonder what we've |
12 |
>> gained by deciding on fixed UIDs and then ultimately assigning |
13 |
>> them randomly anyway. |
14 |
> |
15 |
> Honestly, I really will say "so what" here. :) |
16 |
> |
17 |
> Sure, it isn't a perfect solution, but it costs you nothing, and the |
18 |
> fallback is just random UIDs, which as we've already established |
19 |
> aren't a huge problem. For new installs things will be more |
20 |
> consistent. |
21 |
> |
22 |
|
23 |
|
24 |
"Fixed UIDs with random fallback" and "random UIDs" are the same thing. |
25 |
If our goal is to make things easy on people who need fixed UIDs, then |
26 |
they should be truly fixed. Even on a new machine, you might wind up |
27 |
with all of the preferred UIDs, or they might all be wrong. Suppose I |
28 |
add a new user 21 on my fresh install. The ftp server was going to use |
29 |
21, but now it falls back to 22. The SSH daemon was going to take 22, |
30 |
but now it falls back to 23. The telnet daemon was going to take 23... |
31 |
That doesn't help NFS users. It's still random in the sense that it |
32 |
depends on the state of the system in an unpredictable way. |
33 |
|
34 |
And what about packages that truly require a fixed UID? I think that's |
35 |
the only place my current implementation and your proposal differ. I |
36 |
have it die() under the assumption that most ebuilds won't request a |
37 |
UID. If everyone picks a UID and we can ignore it, what do we do about |
38 |
the packages that actually need what they asked for? |