| 1 |
On Friday 23 October 2009 17:51:19 Helmut Jarausch wrote: |
| 2 |
> Hi, |
| 3 |
> |
| 4 |
> after hunting around for some weeks now, I've finally found the culprit |
| 5 |
> to my permission problems with fcron[tab] |
| 6 |
> |
| 7 |
> First, |
| 8 |
> some Gentoo package must have changed the UID of several executables |
| 9 |
> and directories of the sys-process/fcron package to 'stunnel' |
| 10 |
> instead of 'fcron'. |
| 11 |
> I've found and fixed these long ago but still it didn't work. |
| 12 |
> Now, I've found out, that in |
| 13 |
> /etc/passwd |
| 14 |
> the user 'fcron' had a GID which wasn't in /etc/group any longer. |
| 15 |
> Probably, when sys-process/fcron is reinstalled, portage does not |
| 16 |
> seem to change the entry in /etc/passwd (which it has created |
| 17 |
> itself some time ago) |
| 18 |
|
| 19 |
|
| 20 |
Without looking through the ebuilds, I'd guess the ebuild runs |
| 21 |
|
| 22 |
useradd -r <daemon_name> |
| 23 |
|
| 24 |
which will always lead to your problem sooner or later. |
| 25 |
|
| 26 |
IMNSHO, /etc/{passwd,shadow,group} really should be part of the base install |
| 27 |
with all daemon users pre-defined. Use the range 1-99 for this, it will take a |
| 28 |
very long time to accumulate more than 99 daemon UIDs and one can confidently |
| 29 |
know what UID a given system user required by an ebuild ought to be. |
| 30 |
|
| 31 |
The implementation is obviously more complex than dropping a file on the file |
| 32 |
system, so a simple API is required. Nonetheless, the idea is still sound. |
| 33 |
|
| 34 |
The alternate is to expect users to know to run |
| 35 |
|
| 36 |
find / -nouser -o -nogroup |
| 37 |
|
| 38 |
at the magic points where it will be useful. Which is ludicrous. |
| 39 |
|
| 40 |
-- |
| 41 |
alan dot mckinnon at gmail dot com |
Archives