From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id sKLULRVh71/pBgAA0tVLHw (envelope-from ) for ; Fri, 01 Jan 2021 17:51:17 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id trejKRVh719AVwAA1q6Kng (envelope-from ) for ; Fri, 01 Jan 2021 17:51:17 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 4F9B09402D4 for ; Fri, 1 Jan 2021 17:51:17 +0000 (UTC) Received: from localhost ([::1]:56108 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kvOa3-00018L-Ji for larch@yhetil.org; Fri, 01 Jan 2021 12:51:15 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:52708) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kvOZt-000176-K8 for bug-guix@gnu.org; Fri, 01 Jan 2021 12:51:07 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:51440) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kvOZq-00029h-6g for bug-guix@gnu.org; Fri, 01 Jan 2021 12:51:05 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kvOZq-0000Tn-4N for bug-guix@gnu.org; Fri, 01 Jan 2021 12:51:02 -0500 X-Loop: help-debbugs@gnu.org Subject: bug#45571: Support stable uids and gids for all accounts Resent-From: Danny Milosavljevic Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 01 Jan 2021 17:51:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 45571 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Leo Prikler Received: via spool by 45571-submit@debbugs.gnu.org id=B45571.16095234191793 (code B ref 45571); Fri, 01 Jan 2021 17:51:02 +0000 Received: (at 45571) by debbugs.gnu.org; 1 Jan 2021 17:50:19 +0000 Received: from localhost ([127.0.0.1]:34753 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kvOZ9-0000Sr-HD for submit@debbugs.gnu.org; Fri, 01 Jan 2021 12:50:19 -0500 Received: from dd26836.kasserver.com ([85.13.145.193]:35238) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kvOZ7-0000Se-H0 for 45571@debbugs.gnu.org; Fri, 01 Jan 2021 12:50:18 -0500 Received: from localhost (80-110-127-104.cgn.dynamic.surfer.at [80.110.127.104]) by dd26836.kasserver.com (Postfix) with ESMTPSA id 17816336521B; Fri, 1 Jan 2021 18:50:16 +0100 (CET) Date: Fri, 1 Jan 2021 18:50:12 +0100 From: Danny Milosavljevic Message-ID: <20210101184838.21869359@scratchpost.org> In-Reply-To: References: X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/4F9etEZHa5OAgo_R2mI+fjA"; protocol="application/pgp-signature"; micalg=pgp-sha512 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: 45571@debbugs.gnu.org Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -2.43 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Queue-Id: 4F9B09402D4 X-Spam-Score: -2.43 X-Migadu-Scanner: scn1.migadu.com X-TUID: Y+MDHKu/0NU5 --Sig_/4F9etEZHa5OAgo_R2mI+fjA Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hello, On Fri, 01 Jan 2021 17:20:58 +0100 Leo Prikler wrote: > I don't think changing the way UIDs are allocated by default is a good > solution as that will break many running installations on real > hardware, that default to those. =20 (gnu build accounts), allocate-passwd defaults to keep using the uids of existing /etc/passwd entries. So running installations on real hardware will not be affected when we change the defaults--otherwise those installations on real hardware would already have had big problems regarding user accounts with the current version of Guix when someone adds a user acc= ount (system account or not) to them. Then, depending on the order of the decla= red user-accounts, the uids would have swapped. >A better solution would be to make > user accounts and groups explicit configuration wherever account- > service-type is used, so that it's possible to override them if needed. They already are explicit. For example, (gnu services monitoring) has: >(define %darkstat-accounts > (list (user-account > (name "darkstat") > (group "darkstat") > (system? #t) > (comment "darkstat daemon user") > (home-directory "/var/lib/darkstat") > (shell (file-append shadow "/sbin/nologin"))) > (user-group > (name "darkstat") > (system? #t)))) and then > (extensions > (list (service-extension account-service-type > (const %darkstat-accounts)) As you can see, the user and group accounts are already explicit. What's more, the uid (and group id) can already be specified right there, and I argue that it should be specified right there, and that there should be a stable default if it's not specified. So to summarize: (1) This bug is a real problem, and something should be done about it. (2) The reason it doesn't currently affect Guix system users is because the= re is logic preferring existing /etc/passwd, /etc/shadow and /etc/group entries (which I agree is a good idea). Doesn't help for guix system container, th= ough. Or for NFS network file systems. Any time you have more than one computer (even with Guix on it) with a filesystem in the network and regular users, you have to have consistent uids or have a lot of weird uid maps per comput= er that someone has to maintain, or worse, an extra service just mapping them. Why do that to yourself? (3) For /etc/shadow, it also makes sense to keep the existing entry (the us= er name is the key for the search for it btw) because of the password set. (4) It makes sense to keep the existing /etc/{passwd,shadow,group} entries = both for backward compatibility and also for extensibility of guix with user & g= roup accounts guix knows nothing about. (5) Also for not having this bug with containers, it would still be better = to just make uid and gid mandatory for "user-account" records. (6) Since (5) would move the burden to the user, it would be better usabili= ty to generate uid and gid in a deterministic manner as a default. Both (5) and (6) can be done even now without problems because of (2). --Sig_/4F9etEZHa5OAgo_R2mI+fjA Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl/vYNQACgkQ5xo1VCww uqXjIgf/a3oYUVFXIxWvOQuPlfCUIqmNducup/1Ak0xgM7vc5NYdxFfLef1FResi l3meMnL4ZbmECInGrQ9NicXPuod94wU30wHc20dB3ZvGxgifqvyXaKi8fo+oruEb e8GVi8jS+MzypsrzF0sGihb0DUHI54TCvFhUZAg3pXeZPgK/9P/5NXbQEhsqnEuU IbBcufV5YrzI6ngpDERyfIikIblJhhP7EgDiSJd6rcRRTN9bkvuKD97lcDK1RVe2 hioRw/G7ic5EvDJ2gKucaT6YIHQJRXriQ1emLyPSNkuj+9HFGRWM1QydhPhbQMA3 XcJIgPZjHaNLFLG9kQ745EatiTN9nw== =ZiyK -----END PGP SIGNATURE----- --Sig_/4F9etEZHa5OAgo_R2mI+fjA--