Gentoo Archives: gentoo-dev

From: Alec Warner <antarus@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] A policy to support random superuser account names
Date: Fri, 30 Apr 2010 19:36:31
In Reply to: [gentoo-dev] A policy to support random superuser account names by "Michał Górny"
1 On Fri, Apr 30, 2010 at 11:07 AM, Michał Górny <gentoo@××××××××××.pl> wrote:
2 > Hello,
3 >
4 > I would like to put an emphasis on the fact that many eclasses
5 > and ebuilds in gx86 are relying on an assumption that the superuser
6 > account is always supposed to be named 'root'.
7 >
8 > In fact, no such constraint exists. Although most users will never even
9 > think of changing the superuser account name, it is perfectly legit
10 > to do so, and to use any name for that account. Moreover, it is
11 > perfectly legit to name an unprivileged user 'root' too.
13 Whether it is legitimate or not is irrelevant. Users can chose to do
14 all sorts of legitimate but in the end utterly retarded things to
15 their systems and developers chose whether or not to support them.
16 gcc flags are a common case here (I can legitimately set a number of
17 flags; but most developers ignore reports with odd flags.)
19 >
20 > Thus, the above assumption is clearly incorrect and may result in many
21 > issues with ebuilds using it. These range from builds failing because
22 > of chown 'invalid user' error to packages being installed with
23 > incorrect file ownership.
25 I'd say the assumption is correct in 95% of cases; so it remains a useful one.
27 >
28 > From what I've heard already, similar problem has hit Gentoo/*BSD users
29 > already, with superuser group not being named 'root'. Although some
30 > files were fixed to properly use numeric GID in the specific case,
31 > no UID-related changes were done.
32 >
33 > Moreover, not all developers agree with the case being an issue,
34 > and they even refuse patches clearly fixing it [1]. Thus, I guess that
35 > a clear policy regarding referencing the superuser account should be
36 > enforced.
38 Users do a number of utterly ridiculous things to their system and
39 developers are free to reject bug reports for any number of reasons
40 (this being one of them.)
42 >
43 > In my opinion, that policy should clearly indicate that the numeric
44 > UID/GID should be always used for referencing the superuser account
45 > as they are fixed unlike the names.
47 Except as stated they are not fixed (as Fabian pointed out). I'm
48 happy to support something like setting ROOT_UID and ROOT_GID in
49 gentoo-x86 profiles and using those. Then if you want to do something
50 utterly ridiculous to your system you can just set the appropriate
51 variables.
53 This will likely take a GLEP though; plus it is a major change to a
54 lot of software we have; are you willing to make said changes? Making
55 a proposal like this is all well and good but you are asking for a lot
56 of work to be done for what is essentially very little gain for users.
58 -A
60 >
61 > [1]
62 >
63 > --
64 > Best regards,
65 > Michał Górny
66 >
67 > <>
68 > <xmpp:mgorny@××××××.ru>
69 >