1 |
Dnia August 2, 2019 9:14:56 AM UTC, Jaco Kroon <jaco@××××××.za> napisał(a): |
2 |
>Thank you Michał, much appreciated. |
3 |
> |
4 |
>I've in the meantime to make progress on my side picked something which |
5 |
> |
6 |
>was not in use in ::gentoo, so I can move forward, but it's be really |
7 |
>good to have the below feature anyway going forward. |
8 |
> |
9 |
>On 2019/08/01 22:47, Michał Górny wrote: |
10 |
>> On Thu, 2019-08-01 at 21:04 +0200, Jaco Kroon wrote: |
11 |
>>> Hi, |
12 |
>>> |
13 |
>>> Looking at the new eclasses for acct-user and acct-group. |
14 |
>>> |
15 |
>>> These enforce that a group and user id should be set. |
16 |
>>> |
17 |
>>> This is not a requirement for enewuser nor enewgroup. |
18 |
>>> |
19 |
>>> As a further discrepancy, the user eclass requires >0 for the IDs, |
20 |
>>> whereas the checks in acct-user and acct-group is for >= 0. |
21 |
>>> |
22 |
>>> Would it be ok to suggest that we allow -1 (or 0, but that could be |
23 |
>>> confused with the root user/group) in acct-user and acct-group to |
24 |
>>> specify "no specific id, please allocate dynamically"? |
25 |
>>> |
26 |
>>> Use case: I'm building some experimental packages in an overlay, |
27 |
>and I |
28 |
>>> really don't care what the UID and GID values are, I just need |
29 |
>something |
30 |
>>> unique on the host I can use to avoid running the service as root. |
31 |
>>> Guessing I could just manually useradd -r but then again ... if I do |
32 |
>>> later submit these into the main tree (or other packages) then it |
33 |
>>> becomes a problem, and maintaining acct-{user,group}/* outside of |
34 |
>main |
35 |
>>> tree could conflict with main tree at a later stage ... either way, |
36 |
>>> having some way to say "I honestly don't care, just give me a random |
37 |
>>> number" is probably a good thing. |
38 |
>>> |
39 |
>> I'll look into adding support for '-1' in a few days. However, I'm |
40 |
>> going to add QA checks to prevent it from getting into ::gentoo |
41 |
>first. |
42 |
> |
43 |
>Assuming I understand that correctly, you're happy with -1 values going |
44 |
> |
45 |
>into overlays, but not into ::gentoo? |
46 |
|
47 |
Yes. |
48 |
|
49 |
> |
50 |
>Would you mind to explain the motivation for that? |
51 |
|
52 |
Assignments are now required by policy. We really want to support at least some of the weird use cases people requested over the time, that requires uids/gids in sync. Even though you are probably right that there are users and groups that would never make real use of that, I don't think it's worthwhile to try to make the policy more complex (and potentially breaking for some obscure uses) for no real benefit. |
53 |
|
54 |
> |
55 |
>I'm also happy to take a whack at generating a patch series for you for |
56 |
> |
57 |
>the eclasses themselves (not familiar with the QA check code yet), |
58 |
>including sorting out the >0 vs >=0 discrepancy, if you're happy with |
59 |
>that? |
60 |
|
61 |
Sure. Please preferably address two of them separately, so we can commit the 0 patch first, and -1 when CI is ready. |
62 |
|
63 |
> |
64 |
>Kind Regards, |
65 |
>Jaco |
66 |
|
67 |
|
68 |
-- |
69 |
Best regards, |
70 |
Michał Górny |