| 1 |
Dnia August 2, 2019 9:14:56 AM UTC, Jaco Kroon <jaco@××××××.za> napisał(a): |
| 2 |
>Thank you Michał, much appreciated. |
| 3 |
> |
| 4 |
>I've in the meantime to make progress on my side picked something which |
| 5 |
> |
| 6 |
>was not in use in ::gentoo, so I can move forward, but it's be really |
| 7 |
>good to have the below feature anyway going forward. |
| 8 |
> |
| 9 |
>On 2019/08/01 22:47, Michał Górny wrote: |
| 10 |
>> On Thu, 2019-08-01 at 21:04 +0200, Jaco Kroon wrote: |
| 11 |
>>> Hi, |
| 12 |
>>> |
| 13 |
>>> Looking at the new eclasses for acct-user and acct-group. |
| 14 |
>>> |
| 15 |
>>> These enforce that a group and user id should be set. |
| 16 |
>>> |
| 17 |
>>> This is not a requirement for enewuser nor enewgroup. |
| 18 |
>>> |
| 19 |
>>> As a further discrepancy, the user eclass requires >0 for the IDs, |
| 20 |
>>> whereas the checks in acct-user and acct-group is for >= 0. |
| 21 |
>>> |
| 22 |
>>> Would it be ok to suggest that we allow -1 (or 0, but that could be |
| 23 |
>>> confused with the root user/group) in acct-user and acct-group to |
| 24 |
>>> specify "no specific id, please allocate dynamically"? |
| 25 |
>>> |
| 26 |
>>> Use case: I'm building some experimental packages in an overlay, |
| 27 |
>and I |
| 28 |
>>> really don't care what the UID and GID values are, I just need |
| 29 |
>something |
| 30 |
>>> unique on the host I can use to avoid running the service as root. |
| 31 |
>>> Guessing I could just manually useradd -r but then again ... if I do |
| 32 |
>>> later submit these into the main tree (or other packages) then it |
| 33 |
>>> becomes a problem, and maintaining acct-{user,group}/* outside of |
| 34 |
>main |
| 35 |
>>> tree could conflict with main tree at a later stage ... either way, |
| 36 |
>>> having some way to say "I honestly don't care, just give me a random |
| 37 |
>>> number" is probably a good thing. |
| 38 |
>>> |
| 39 |
>> I'll look into adding support for '-1' in a few days. However, I'm |
| 40 |
>> going to add QA checks to prevent it from getting into ::gentoo |
| 41 |
>first. |
| 42 |
> |
| 43 |
>Assuming I understand that correctly, you're happy with -1 values going |
| 44 |
> |
| 45 |
>into overlays, but not into ::gentoo? |
| 46 |
|
| 47 |
Yes. |
| 48 |
|
| 49 |
> |
| 50 |
>Would you mind to explain the motivation for that? |
| 51 |
|
| 52 |
Assignments are now required by policy. We really want to support at least some of the weird use cases people requested over the time, that requires uids/gids in sync. Even though you are probably right that there are users and groups that would never make real use of that, I don't think it's worthwhile to try to make the policy more complex (and potentially breaking for some obscure uses) for no real benefit. |
| 53 |
|
| 54 |
> |
| 55 |
>I'm also happy to take a whack at generating a patch series for you for |
| 56 |
> |
| 57 |
>the eclasses themselves (not familiar with the QA check code yet), |
| 58 |
>including sorting out the >0 vs >=0 discrepancy, if you're happy with |
| 59 |
>that? |
| 60 |
|
| 61 |
Sure. Please preferably address two of them separately, so we can commit the 0 patch first, and -1 when CI is ready. |
| 62 |
|
| 63 |
> |
| 64 |
>Kind Regards, |
| 65 |
>Jaco |
| 66 |
|
| 67 |
|
| 68 |
-- |
| 69 |
Best regards, |
| 70 |
Michał Górny |
Archives