Gentoo Archives: gentoo-dev

From: Michael Orlitzky <mjo@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] RFC: UID/GID rspamd
Date: Tue, 03 Dec 2019 13:04:38
Message-Id: e0f83545-8f22-543f-9262-10905ec19ea2@gentoo.org
In Reply to: Re: [gentoo-dev] RFC: UID/GID rspamd by "Petr Vaněk"
1 On 12/3/19 5:41 AM, Petr Vaněk wrote:
2 >
3 > Btw, I am just curios about the situation when there is a foo overlay
4 > with acct-{user,group}/foo using UID/GID already set in main gentoo
5 > overlay and later on we would like to move it to the main gentoo
6 > overlay. It would be necessary to chose different UID/GID for
7 > acct-{user,group}/foo. So, my question is, would it be technically
8 > feasible to do the migration for users of the foo overlay? I can
9 > imagine this scenario will occur once in the future and it is UID/GID
10 > change.
11 >
12
13 The GLEP81 eclasses will reuse an existing account (with the "old" UID)
14 if the name matches. When migrating from an overlay, things should keep
15 working for the overlay users -- they just won't get the new UID.
16 Regular users of ::gentoo won't notice anything out of the ordinary.
17
18 What doesn't work is trying to fix the existing UID/GID to match the new
19 one. To do that, you'd need to know every file on the system that's
20 owned by the old UID, so that you can switch them to the new UID.
21 There's no good way to do that, and definitely no secure way to chown
22 them afterwards. So, we can't do it in the eclasses in the main tree.
23
24 But, if you're working on something in an overlay and if you know how
25 the software works and are comfortable finding/deleting all of its files
26 and wiping its entry out of /etc/passwd, then in that specific case, you
27 can even switch the UIDs. Just manually erase all traces of the user
28 from your system, and then emerge the ebuild from ::gentoo.