Gentoo Archives: gentoo-dev

From: james <garftd@×××××××.net>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Requirements for UID/GID management
Date: Sun, 29 Jan 2017 19:31:32
Message-Id: b8b5ebac-6b3e-9dec-27e6-3e6f916c35e3@verizon.net
In Reply to: Re: [gentoo-dev] Requirements for UID/GID management by "A. Wilcox"
On 01/29/2017 12:22 PM, A. Wilcox wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 29/01/17 11:05, Michael Orlitzky wrote:
>> On 01/29/2017 03:26 AM, Alan McKinnon wrote:
>>>>
>>>> Can anyone think of an upgrade path for fixed UIDs? That issue
>>>> aside, I may have convinced myself that fixed UIDs are better.
>>>
>>> The general process I would recommend is that if the ebuild finds
>>> the user already exists, leave it, its UID and its file
>>> ownerships alone, and keep them as they are. If the user does not
>>> exist then create it.
>>
>> That's what I've got it doing now...
>>
>>
>>> Preferably use a pre-assigned UID/GID so there is some
>>> consistency with most other Gentoo things out there.
>>
>> This is the only point we have left to consider. To recap, there
>> are three approaches to try:
>>
>> 1 Truly fixed IDs. Every user gets the UID it wants, or it doesn't
>> get created. The UIDs are all determined beforehand.
>>
>> 2 Mostly random UIDs, and the few packages that need to specify
>> one can do so. Usually installation will never fail, but if some
>> user specifies a particular UID and doesn't get it, we die().
>>
>> 3 Mostly fixed UIDs, but with a fallback to random ones if you
>> don't get the UID you want. Here, everyone specifies their
>> "preferred" UID, and we try that first. If it doesn't work, you get
>> the random assignment.
>
>
> You could easily start with #3, and after some years, move to #1.

Yep. But, why can't (1) be selectable (now) as part of a profile,
once that discussion on profiles is formalized into a pathway forward?


> Anyone with a 20 year old Gentoo install (by that time) should expect
> to have to do very heavy lifting.

Just leave them alone for now, as Gentoo systems can now have different
gid/uid mappings. Migration strategies will emerge over time. We'd need
some mechanism to determine if a given package attempts to set a
contrarian uid/gid. Perhaps a flag for those packages could address
uid/gid conflicts going forward in a one-off solution?


> I for one am more than willing to do whatever shell commands necessary
> to make all my Gentoo installs agree on UIDs and get #1 now, but I
> realise most people are not.

YES! I think after (1) is finalized, it should be part of the handbook
installation as a default, but selectable. That way the migration
is gently fast-tracked. Matching up with Debian is a really good idea,
as long as nothing is conflated by systemd.

> - --arw


hth,
James

>
> - --
> A. Wilcox (awilfox)
> Project Lead, Adélie Linux
> http://adelielinux.org
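
The three approaches recapped in the quoted message, together with the "leave an existing user alone" rule and a check for packages that request a conflicting ("contrarian") UID, sketched as an added Python example; it is not part of the thread and not Gentoo's eclass code. The function names, the 101-999 range, the first-free stand-in for "random" and the sample users are assumptions made for illustration.

```python
from enum import Enum

class Policy(Enum):
    FIXED = 1      # approach 1: the predetermined UID, or no user at all
    RANDOM = 2     # approach 2: any free UID, unless the package pins one
    PREFERRED = 3  # approach 3: try the preferred UID, else any free UID

class UidConflict(Exception):
    """Stands in for the ebuild calling die()."""

def next_free(taken, lo=101, hi=999):
    # First free UID in an assumed system range; stands in for "random".
    for uid in range(lo, hi + 1):
        if uid not in taken:
            return uid
    raise UidConflict("system UID range exhausted")

def allocate_uid(passwd, name, wanted, policy, pinned=False):
    """Return the UID `name` ends up with, adding it to `passwd` if new."""
    if name in passwd:
        return passwd[name]  # existing user: leave its UID and files alone
    taken = set(passwd.values())
    if policy is Policy.RANDOM and not pinned:
        uid = next_free(taken)
    elif wanted is not None and wanted not in taken:
        uid = wanted
    elif policy is Policy.PREFERRED:
        uid = next_free(taken)
    else:
        raise UidConflict(f"{name}: UID {wanted} is not available")
    passwd[name] = uid
    return uid

def contrarian(passwd, requests):
    """List (name, wanted, reason) for requests that clash with `passwd`."""
    owner = {uid: user for user, uid in passwd.items()}
    report = []
    for name, wanted in requests.items():
        if name in passwd and passwd[name] != wanted:
            report.append((name, wanted, f"already exists as {passwd[name]}"))
        elif name not in passwd and wanted in owner:
            report.append((name, wanted, f"UID held by {owner[wanted]}"))
    return report

# Constructed sample data: one host's existing users and three package requests.
HOST = {"root": 0, "ntp": 123, "postfix": 207}
REQUESTS = {"postfix": 125, "unbound": 123, "nginx": 110}
```

Running `contrarian(HOST, REQUESTS)` before a merge shows which packages would hit die() under approaches 1 and 2, and which would silently receive a different UID under approach 3, which is the case where file ownership stops agreeing between hosts.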