| 1 |
On Mon, May 27, 2019 at 08:44:09PM -0400, Mike Gilbert wrote: |
| 2 |
> On Mon, May 27, 2019 at 11:45 AM William Hubbs <williamh@g.o> wrote: |
| 3 |
> > |
| 4 |
> > If a package hard codes the UID or GID when adding a user or group to |
| 5 |
> > the system and that UID/GID already exists, we should abort rather than |
| 6 |
> > changing the UID/GID. |
| 7 |
> These functions have behaved this way for a long time. |
| 8 |
Yes, I recall this breakage being raised even prior to GLEP27. |
| 9 |
|
| 10 |
Some coverage of prior work firstly. |
| 11 |
2003/May: eid_database [1] |
| 12 |
2004/May: GLEP27 [2] |
| 13 |
2006/Summer: GSOC Project for GLEP27 implementation [3] |
| 14 |
Later: Creandus [4][5] |
| 15 |
|
| 16 |
[1] https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-src/eid_database/ |
| 17 |
[2] https://www.gentoo.org/glep/glep-0027.html |
| 18 |
[3] https://github.com/creandus/creandus.github.com/blob/master/glep27-proposal.txt |
| 19 |
[4] https://github.com/creandus/ |
| 20 |
[5] http://creandus.github.io/ |
| 21 |
|
| 22 |
> What problem are you trying to solve here? |
| 23 |
Specifically: |
| 24 |
1. Package A is emerged, and the ebuild specifies enewuser/enewgroup |
| 25 |
with -1 as the numeric input, and some user or group is created with |
| 26 |
value X. |
| 27 |
2. Package B is emerged, and the ebuild specifies enewuser/enewgroup |
| 28 |
with a fixed UID/GID value Y && explicitly depends on having that |
| 29 |
specific value. |
| 30 |
|
| 31 |
If X == Y, then the actual outcome is that B gets dynamic allocation of |
| 32 |
the UID/GID values, rather than the intended fixed values, and can |
| 33 |
break. It also goes against the intent of passing a fixed value in the |
| 34 |
first place! |
| 35 |
|
| 36 |
Debian's solution [6][7] here is to have separate numeric ranges for |
| 37 |
statically assigned values vs dynamically assigned values, so that they |
| 38 |
will never conflict. |
| 39 |
|
| 40 |
This does still run into trouble for some cases where multiple systems |
| 41 |
want the same user/group to have the same numeric value, typically where |
| 42 |
something is being shared (user databases, files). |
| 43 |
|
| 44 |
I used to know RedHat's solution as well, but I can't remember any |
| 45 |
details of it at the moment. |
| 46 |
|
| 47 |
I'd like to accept WilliamH's patch as-is, and then add an additional |
| 48 |
patch that moves the range of dynamically allocated users such that it |
| 49 |
does not conflict. |
| 50 |
|
| 51 |
[6] https://www.debian.org/doc/debian-policy/ch-opersys.html#introduction |
| 52 |
[7] https://salsa.debian.org/debian/base-passwd |
| 53 |
|
| 54 |
-- |
| 55 |
Robin Hugh Johnson |
| 56 |
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer |
| 57 |
E-Mail : robbat2@g.o |
| 58 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
| 59 |
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 |
Archives