Hi Pádraig,
> > $ ls -l /proc/self/fd/0
> > lrwx------ 1 bruno bruno 64 18. Apr 10:00 /proc/self/fd/0 -> /dev/pts/28
> > $ ls -li /dev/pts/28
> > 31 crw------- 1 bruno tty 136, 28 18. Apr 10:01 /dev/pts/28
> > $ unshare -U ls -li /dev/pts/28
> > 31 crw------- 1 nobody nogroup 136, 28 18. Apr 10:01 /dev/pts/28
> >
> > Which is better in this circumstance? A 'logname' program that prints
> > 'logname: no login name'? Or a 'logname' program that prints "nobody"?
> ...
> I'm not sure.
>
> I'm leaning towards showing an error for this case,
> as getlogin() returns "user logged in on the controlling terminal of the
> process",
> and if there is no corresponding user name in the new user namespace
> then it seems wrong to map to "nobody".
After having learned about user namespaces in more depth [1][2], I come to
the opposite conclusion.
In [2] we learn to make the distinction between "inside of the namespace"
and "outside of the namespace", and to expect that program results inside
of the namespace reflect the uid mapping by the namespace.
Thus, "unshare -U logname" is *expected* to produce different results than
"logname" outside of the namespace. And since the uid mapping maps

    outside    inside
    -------    ------
    $USER      nobody

it is normal that when "logname" outside returns $USER, "logname" inside
returns 'nobody'.
Thus my conclusion is: The fallback (that uses the owner of the tty connected
to stdin) is useful.
> > There are two implementation differences:
> > 1) The gnulib one, when configured with --enable-systemd, uses libsystemd
> > instead of utmp/utmpx.
> > 2) The gnulib one has a fallback that uses the owner of the tty connected
> > to stdin.
> ...
> In general we should align with newest glibc anyway unless it's clearly
> broken.
In this case, glibc is broken: It implements neither 1) nor 2). While 1)
makes no practical difference in the scenarios that I've tested (logged in
in a desktop environment or via ssh, no 'unshare'), 2) does in the following
environments:
Fedora 44 KDE ("bruno" -> "nobody")
Fedora 44 GNOME ("logname: no login name" -> "nobody")
Fedora 44 LXDE ("logname: no login name" -> "nobody")
Fedora 44 LXQt ("logname: no login name" -> "nobody")
Fedora 44 MATE ("logname: no login name" -> "nobody")
Fedora 44 Xfce ("logname: no login name" -> "nobody")
Ubuntu 24.04 KDE ("logname: no login name" -> "nobody")
[Reproducible by compiling coreutils-9.11 with gl_cv_func_getlogin_works=no.]
Bruno
[1] https://man7.org/linux/man-pages/man7/user_namespaces.7.html
[2] https://www.youtube.com/watch?v=XgThPoL9mPE
Download with yt-dlp, then view locally.
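
Added example, not part of the original message and not gnulib's or coreutils' code: a sketch of the fallback discussed above (item 2, the owner of the tty connected to stdin). The names tty_owner_name and overflow_uid are hypothetical; the uid that fstat() reports is the one visible in the caller's user namespace, which is why the result differs under `unshare -U`.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not gnulib's function): store in buf the name of the
   user that owns the terminal open on fd.  Returns 0 on success, -1 if fd is
   not a terminal or cannot be examined, -2 if the owning uid has no passwd
   entry.  */
int tty_owner_name(int fd, char *buf, size_t buflen)
{
    struct stat st;
    if (buflen == 0 || !isatty(fd) || fstat(fd, &st) != 0)
        return -1;
    /* st_uid is the owner as seen from the caller's user namespace; a uid
       with no mapping there is reported as the overflow uid.  */
    struct passwd *pw = getpwuid(st.st_uid);
    if (pw == NULL)
        return -2;
    snprintf(buf, buflen, "%s", pw->pw_name);
    return 0;
}

/* Return the kernel's overflow uid (normally 65534), or -1 if unreadable.  */
long overflow_uid(void)
{
    long id = -1;
    FILE *f = fopen("/proc/sys/kernel/overflowuid", "r");
    if (f != NULL) {
        if (fscanf(f, "%ld", &id) != 1)
            id = -1;
        fclose(f);
    }
    return id;
}

int main(void)
{
    char name[256];
    int rc = tty_owner_name(STDIN_FILENO, name, sizeof name);
    if (rc == 0)
        printf("%s\n", name);
    else
        fprintf(stderr, "no login name (rc=%d)\n", rc);
    printf("overflow uid: %ld\n", overflow_uid());
    return rc == 0 ? 0 : 1;
}
```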