1 |
On Mon, May 27, 2019 at 08:44:09PM -0400, Mike Gilbert wrote: |
2 |
> On Mon, May 27, 2019 at 11:45 AM William Hubbs <williamh@g.o> wrote: |
3 |
> > |
4 |
> > If a package hard codes the UID or GID when adding a user or group to |
5 |
> > the system and that UID/GID already exists, we should abort rather than |
6 |
> > changing the UID/GID. |
7 |
> These functions have behaved this way for a long time. |
8 |
Yes, I recall this breakage being raised even prior to GLEP27. |
9 |
|
10 |
Some coverage of prior work firstly. |
11 |
2003/May: eid_database [1] |
12 |
2004/May: GLEP27 [2] |
13 |
2006/Summer: GSOC Project for GLEP27 implementation [3] |
14 |
Later: Creandus [4][5] |
15 |
|
16 |
[1] https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-src/eid_database/ |
17 |
[2] https://www.gentoo.org/glep/glep-0027.html |
18 |
[3] https://github.com/creandus/creandus.github.com/blob/master/glep27-proposal.txt |
19 |
[4] https://github.com/creandus/ |
20 |
[5] http://creandus.github.io/ |
21 |
|
22 |
> What problem are you trying to solve here? |
23 |
Specifically: |
24 |
1. Package A is emerged, and the ebuild specifies enewuser/enewgroup |
25 |
with -1 as the numeric input, and some user or group is created with |
26 |
value X. |
27 |
2. Package B is emerged, and the ebuild specifies enewuser/enewgroup |
28 |
with a fixed UID/GID value Y && explicitly depends on having that |
29 |
specific value. |
30 |
|
31 |
If X == Y, then the actual outcome is that B gets dynamic allocation of |
32 |
the UID/GID values, rather than the intended fixed values, and can |
33 |
break. It also goes against the intent of passing a fixed value in the |
34 |
first place! |
35 |
|
36 |
Debian's solution [6][7] here is to have separate numeric ranges for |
37 |
statically assigned values vs dynamically assigned values, so that they |
38 |
will never conflict. |
39 |
|
40 |
This does still run into trouble for some cases where multiple systems |
41 |
want the same user/group to have the same numeric value, typically where |
42 |
something is being shared (user databases, files). |
43 |
|
44 |
I used to know RedHat's solution as well, but I can't remember any |
45 |
details of it at the moment. |
46 |
|
47 |
I'd like to accept WilliamH's patch as-is, and then add an additional |
48 |
patch that moves the range of dynamically allocated users such that it |
49 |
does not conflict. |
50 |
|
51 |
[6] https://www.debian.org/doc/debian-policy/ch-opersys.html#introduction |
52 |
[7] https://salsa.debian.org/debian/base-passwd |
53 |
|
54 |
-- |
55 |
Robin Hugh Johnson |
56 |
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer |
57 |
E-Mail : robbat2@g.o |
58 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
59 |
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 |