Re: [gentoo-dev] [PATCH] user.eclass: die if hard coded UID or GID is already in use
On Tue, May 28, 2019 at 1:41 AM Robin H. Johnson wrote: > > On Mon, May 27, 2019 at 08:44:09PM -0400, Mike Gilbert wrote: > > On Mon, May 27, 2019 at 11:45 AM William Hubbs wrote: > > > > > > If a package hard codes the UID or GID when adding a user or group to > > > the system and that UID/GID already exists, we should abort rather than > > > changing the UID/GID. > > These functions have behaved this way for a long time. > Yes, I recall this breakage being raised even prior to GLEP27. > > Some coverage of prior work firstly. > 2003/May: eid_database [1] > 2004/May: GLEP27 [2] > 2006/Summer: GSOC Project for GLEP27 implementation [3] > Later: Creandus [4][5] > > [1] https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-src/eid_database/ > [2] https://www.gentoo.org/glep/glep-0027.html > [3] > https://github.com/creandus/creandus.github.com/blob/master/glep27-proposal.txt > [4] https://github.com/creandus/ > [5] http://creandus.github.io/ > > > What problem are you trying to solve here? > Specifically: > 1. Package A is emerged, and the ebuild specifies enewuser/enewgroup > with -1 as the numeric input, and some user or group is created with > value X. > 2. Package B is emerged, and the ebuild specifies enewuser/enewgroup > with a fixed UID/GID value Y && explicitly depends on having that > specific value. Could you provide some examples of packages that require a specific numeric UID/GID to function properly? That seems like a significant design flaw. > I'd like to accept WilliamH's patch as-is, and then add an additional > patch that moves the range of dynamically allocated users such that it > does not conflict. The "dynamic range" currently defaults to 101 to 999 as defined by SYS_{UID,GID}_{MIN,MAX} in /etc/login.defs. It is quite likely that live production systems have ids scattered throughout this range. Changing enewuser/enewgroup to fail if there are "conflicts" may make some ebuilds unusable on said systems. As mgorny suggests, I suspect the static UID/GID that is sometimes passed to enewuser/enewgroup is more of a preference/suggestion than a requirement. I do not believe William's patch should be merged without some very good reason for the change in behavior.
Re: [gentoo-dev] [PATCH] user.eclass: die if hard coded UID or GID is already in use
On Mon, May 27, 2019 at 08:44:09PM -0400, Mike Gilbert wrote: > On Mon, May 27, 2019 at 11:45 AM William Hubbs wrote: > > > > If a package hard codes the UID or GID when adding a user or group to > > the system and that UID/GID already exists, we should abort rather than > > changing the UID/GID. > These functions have behaved this way for a long time. Yes, I recall this breakage being raised even prior to GLEP27. Some coverage of prior work firstly. 2003/May: eid_database [1] 2004/May: GLEP27 [2] 2006/Summer: GSOC Project for GLEP27 implementation [3] Later: Creandus [4][5] [1] https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-src/eid_database/ [2] https://www.gentoo.org/glep/glep-0027.html [3] https://github.com/creandus/creandus.github.com/blob/master/glep27-proposal.txt [4] https://github.com/creandus/ [5] http://creandus.github.io/ > What problem are you trying to solve here? Specifically: 1. Package A is emerged, and the ebuild specifies enewuser/enewgroup with -1 as the numeric input, and some user or group is created with value X. 2. Package B is emerged, and the ebuild specifies enewuser/enewgroup with a fixed UID/GID value Y && explicitly depends on having that specific value. If X == Y, then the actual outcome is that B gets dynamic allocation of the UID/GID values, rather than the intended fixed values, and can break. It also goes against the intent of passing a fixed value in the first place! Debian's solution [6][7] here is to have separate numeric ranges for statically assigned values vs dynamically assigned values, so that they will never conflict. This does still run into trouble for some cases where multiple systems want the same user/group to have the same numeric value, typically where something is being shared (user databases, files). I used to know RedHat's solution as well, but I can't remember any details of it at the moment. I'd like to accept WilliamH's patch as-is, and then add an additional patch that moves the range of dynamically allocated users such that it does not conflict. [6] https://www.debian.org/doc/debian-policy/ch-opersys.html#introduction [7] https://salsa.debian.org/debian/base-passwd -- Robin Hugh Johnson Gentoo Linux: Dev, Infra Lead, Foundation Treasurer E-Mail : robb...@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 signature.asc Description: PGP signature
Re: [gentoo-dev] [PATCH] user.eclass: die if hard coded UID or GID is already in use
On Mon, 2019-05-27 at 10:45 -0500, William Hubbs wrote: > If a package hard codes the UID or GID when adding a user or group to > the system and that UID/GID already exists, we should abort rather than > changing the UID/GID. I think the major usage of this argument is not to enforce a specific UID/GID but to specify a 'preferred' UID/GID, i.e. somewhat attempt to build Gentoo systems with stable UID/GIDs. That's why it's non- fatal. I don't have a strong opinion on changing it. I don't know if we have any actual use cases where UID/GID needs to be enforced. > --- > eclass/user.eclass | 6 -- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/eclass/user.eclass b/eclass/user.eclass > index f6a10a6bee2..0d0f9d9eb89 100644 > --- a/eclass/user.eclass > +++ b/eclass/user.eclass > @@ -130,7 +130,8 @@ enewuser() { > if [[ -n ${euid} && ${euid} != -1 ]] ; then > if [[ ${euid} -gt 0 ]] ; then > if [[ -n $(egetent passwd ${euid}) ]] ; then > - euid="next" > + eerror "UID is already taken" > + die "user ${euser} needs a new UID" > fi > else > eerror "Userid given but is not greater than 0 !" > @@ -290,7 +291,8 @@ enewgroup() { > if [[ ! -z ${egid} ]] ; then > if [[ ${egid} -gt 0 ]] ; then > if [[ -n $(egetent group ${egid}) ]] ; then > - egid="next available; requested gid taken" > + eerror "GID is already taken" > + die "group ${egroup} needs a new GID" > fi > else > eerror "Groupid given but is not greater than 0 !" -- Best regards, Michał Górny signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] [PATCH] user.eclass: die if hard coded UID or GID is already in use
On Mon, May 27, 2019 at 11:45 AM William Hubbs wrote: > > If a package hard codes the UID or GID when adding a user or group to > the system and that UID/GID already exists, we should abort rather than > changing the UID/GID. These functions have behaved this way for a long time. What problem are you trying to solve here?
[gentoo-dev] [PATCH] user.eclass: die if hard coded UID or GID is already in use
If a package hard codes the UID or GID when adding a user or group to the system and that UID/GID already exists, we should abort rather than changing the UID/GID. --- eclass/user.eclass | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/eclass/user.eclass b/eclass/user.eclass index f6a10a6bee2..0d0f9d9eb89 100644 --- a/eclass/user.eclass +++ b/eclass/user.eclass @@ -130,7 +130,8 @@ enewuser() { if [[ -n ${euid} && ${euid} != -1 ]] ; then if [[ ${euid} -gt 0 ]] ; then if [[ -n $(egetent passwd ${euid}) ]] ; then - euid="next" + eerror "UID is already taken" + die "user ${euser} needs a new UID" fi else eerror "Userid given but is not greater than 0 !" @@ -290,7 +291,8 @@ enewgroup() { if [[ ! -z ${egid} ]] ; then if [[ ${egid} -gt 0 ]] ; then if [[ -n $(egetent group ${egid}) ]] ; then - egid="next available; requested gid taken" + eerror "GID is already taken" + die "group ${egroup} needs a new GID" fi else eerror "Groupid given but is not greater than 0 !" -- 2.21.0