On Friday 23 October 2009 17:51:19 Helmut Jarausch wrote:
> Hi,
>
> after hunting around for some weeks now, I've finally found the culprit
> to my permission problems with fcron[tab]
>
> First,
> some Gentoo package must have changed the UID of several executables
> and directories of the sys-process/fcron package to 'stunnel'
> instead of 'fcron'.
> I've found and fixed these long ago but still it didn't work.
> Now, I've found out, that in
> /etc/passwd
> the user 'fcron' had a GID which wasn't in /etc/group any longer.
> Probably, when sys-process/fcron is reinstalled, portage does not
> seem to change the entry in /etc/passwd (which it has created
> itself some time ago)

Without looking through the ebuilds, I'd guess the ebuild runs

useradd -r <daemon_name>

which will always lead to your problem sooner or later.

IMNSHO, /etc/{passwd,shadow,group} really should be part of the base install
with all daemon users pre-defined. Use the range 1-99 for this, it will take a
very long time to accumulate more than 99 daemon UIDs and one can confidently
know what UID a given system user required by an ebuild ought to be.

The implementation is obviously more complex than dropping a file on the file
system, so a simple API is required. Nonetheless, the idea is still sound.

The alternate is to expect users to know to run

find / -nouser -o -nogroup

at the magic points where it will be useful. Which is ludicrous.

-- |
alan dot mckinnon at gmail dot com |
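
The condition reported in this thread, a passwd entry whose primary GID no longer exists in /etc/group, is not caught by the find command above, which reports files rather than account entries. The following check for it is an added example and not part of the original message; the function names and the sample account lines are constructed for illustration.

```shell
#!/bin/sh
# Report accounts whose primary GID has no matching entry in the group file.
# Usage: dangling_gids [passwd_file] [group_file]
# Defaults to /etc/passwd and /etc/group when no arguments are given.
dangling_gids() {
    passwd_file=${1:-/etc/passwd}
    group_file=${2:-/etc/group}
    awk -F: '
        # First file (group): remember every defined GID (field 3).
        FILENAME == ARGV[1] {
            if ($0 !~ /^#/ && NF >= 3) known[$3] = 1
            next
        }
        # Second file (passwd): skip comments and malformed lines.
        /^#/ || NF < 4 { next }
        # Field 3 is the UID, field 4 the primary GID.
        !($4 in known) { printf "%s uid=%s gid=%s\n", $1, $3, $4 }
    ' "$group_file" "$passwd_file"
}

# Constructed sample data reproducing the situation in the thread:
# the fcron account points at GID 409, but the group file only
# defines GIDs 0, 105 and 110.
demo_dangling_gids() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'stunnel:x:105:105:stunnel:/dev/null:/sbin/nologin' \
        'fcron:x:106:409:fcron:/var/spool/fcron:/sbin/nologin' > "$tmp/passwd"
    printf '%s\n' \
        'root:x:0:' \
        'stunnel:x:105:' \
        'fcron:x:110:' > "$tmp/group"
    dangling_gids "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}

demo_dangling_gids
```

Called without arguments, dangling_gids reads the live /etc/passwd and /etc/group; empty output means every account's primary GID resolves to a group.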