From: Leo Prikler <leo.prikler@student.tugraz.at>
To: Danny Milosavljevic <dannym@scratchpost.org>,
Jason Conroy <conjaroy@gmail.com>
Cc: 45571@debbugs.gnu.org
Subject: bug#45571: Fwd: Re: bug#45571: Support stable uids and gids for all accounts
Date: Sat, 02 Jan 2021 16:18:57 +0100 [thread overview]
Message-ID: <fd0727b3a49d267354a1d35b697477302babb0e0.camel@student.tugraz.at> (raw)
In-Reply-To: <20210102155002.2360e505@scratchpost.org>
Hi Danny,
Am Samstag, den 02.01.2021, 15:50 +0100 schrieb Danny Milosavljevic:
> [...]
> I agree, if in addition.
>
> (Or if a registry is undesireable, calculate the uids by user name.
> These are the possibilities. If hashing user names is too uncommon
> on
> UNIX elsewhere, I say that we have no /usr or /lib, so we are not
> exactly doing
> common things in Guix because they are common--what we do really
> depends on the
> merits)
I don't think hashing has much merit if you have the range of 100-1000
to work with. Using the full 32 bit integer range also feels like a
hack just to enable hashing, and even then hash functions targeting 32
bit integers are not known to be the most secure in this world. In
other words, hashing user names into IDs is little more than theatre
and while it can certainly mitigate the underlying issue in *some*
cases, it is not by itself a solution.
> > > From the solutions we do have so far, I believe that making user
> > > accounts an explicit part of service configuration (in what shape
> > > may
> > > still be up for debate),
>
> Not everything needs to be user configurable. You suggest having
> these kinds
> of things especially user-configurable as a work-around for them not
> being
> stable, right? Or do you want it in general?
I believe there might be a general utility for that if we're not going
to use an existing passwd as oracle. In that case, you would need a
way of claiming those IDs from the config.scm.
Other than that, I believe you pointed out an NFS example, where it
could also be beneficial to sync up user/system accounts with the IDs
they have on other machines within the network. Of course, if all
machines within the network use Guix, that point is moot, but there
might be a case when you want to play nice with that one old Debian
server.
> I would like to avoid them here, if only needed for that reason.
>
> (Also, if they are user-configurable, then it's much easier for uid
> collisions
> to happen than if Guix manages them)
Sure, but either way we'll need a collision checker, will we not?
> So after thinking about it some more, I disagree that that is the
> best option
> for this specific problem.
>
> In my opinion, the best option here is all of these things:
>
> (1) To document that you need to seed /etc/passwd (for Docker etc)
> (2) For guix system container to default to the host's /etc/passwd
> and
> (3) For guix system container to add and retain (!) its own
> /etc/passwd for
> accounts only it has (merged together with the host's /etc/passwd for
> ease
> of implementation)
That's also a solution and I think I'd prefer that over spamming IDs
throughout the codebase.
> The suggestions I made before that would obsolete /etc/passwd storage
> got
> watered down to a version where they don't obsolete /etc/passwd
> storage and
> thus I oppose doing them in that form. It would be making the stuff
> more
> complicated--and now you'd have TWO /etc/passwd:
>
> * one /etc/template-passwd (for the uid registry)
> (might as well integrate that into guix as a scheme file, though),
> * and one /etc/passwd with the currently created users.
>
> This seems to be excessive just for making uids stable.
FWIW I think taking the passwd-seed as a file-like object, that
defaults to using the host's /etc/passwd might work here, but I'm not
completely sure.
> > That seems reasonable to me. As for representation, I think there's
> > value
> > decoupling these settings from a service's own config so that
> > support for
> > custom UIDs/GIDs remains consistent across services.
>
> Is there a need for using custom service UIDs?
> I think if so, that is independent of this bug report, which asked
> for
> stable UIDs and GIDs.
I agree, the discourse regarding that has been muddled a bit, but since
custom implies stable I don't think this option can be completely
discarded. Of course, both stability and customization are also given
by a passwd-seed, so if we choose that implementation, other means of
customization might not be needed.
Regards,
Leo
next prev parent reply other threads:[~2021-01-02 15:20 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <58174c197a7b42b29927c492d25e28c684d199ea.camel@student.tugraz.at>
2020-12-31 18:18 ` bug#45571: Support stable uids and gids for system accounts in a container Jason Conroy
2021-01-01 14:47 ` bug#45571: Support stable uids and gids for all accounts Danny Milosavljevic
2021-01-01 16:26 ` Jason Conroy
2021-01-01 17:36 ` Danny Milosavljevic
2021-01-01 16:20 ` Leo Prikler
2021-01-01 17:50 ` Danny Milosavljevic
2021-01-01 18:44 ` Leo Prikler
2021-01-01 20:22 ` Danny Milosavljevic
2021-01-02 0:25 ` bug#45571: Fwd: " Leo Prikler
2021-01-02 1:40 ` Danny Milosavljevic
2021-01-02 3:10 ` Leo Prikler
2021-01-02 14:02 ` Jason Conroy
2021-01-02 14:29 ` Leo Prikler
2021-01-02 14:52 ` Jason Conroy
2021-01-02 15:35 ` Leo Prikler
2021-01-02 15:58 ` Jason Conroy
2021-01-02 14:50 ` Danny Milosavljevic
2021-01-02 15:03 ` Jason Conroy
2021-01-02 15:18 ` Leo Prikler [this message]
2021-01-02 1:30 ` Danny Milosavljevic
2021-04-07 7:13 ` bug#45571: Support stable uids and gids for system accounts in a container Brendan Tildesley via Bug reports for GNU Guix
2021-06-10 6:02 ` Arun Isaac
2021-01-02 15:04 ` bug#45571: Support stable uids and gids for all accounts Danny Milosavljevic
2021-01-02 15:25 ` Leo Prikler
2021-01-06 10:03 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fd0727b3a49d267354a1d35b697477302babb0e0.camel@student.tugraz.at \
--to=leo.prikler@student.tugraz.at \
--cc=45571@debbugs.gnu.org \
--cc=conjaroy@gmail.com \
--cc=dannym@scratchpost.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).