From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id CIxsHYs271+1fgAA0tVLHw (envelope-from ) for ; Fri, 01 Jan 2021 14:49:47 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id aOU0GYs271+hVgAA1q6Kng (envelope-from ) for ; Fri, 01 Jan 2021 14:49:47 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id EDA10940367 for ; Fri, 1 Jan 2021 14:49:46 +0000 (UTC) Received: from localhost ([::1]:33406 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kvLkP-00052j-Ub for larch@yhetil.org; Fri, 01 Jan 2021 09:49:45 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:49498) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kvLji-000511-A5 for bug-guix@gnu.org; Fri, 01 Jan 2021 09:49:02 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:48811) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kvLjh-0001NZ-Rv for bug-guix@gnu.org; Fri, 01 Jan 2021 09:49:01 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kvLjh-0003N3-R4 for bug-guix@gnu.org; Fri, 01 Jan 2021 09:49:01 -0500 X-Loop: help-debbugs@gnu.org Subject: bug#45571: Support stable uids and gids for all accounts Resent-From: Danny Milosavljevic Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 01 Jan 2021 14:49:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 45571 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Jason Conroy Received: via spool by 45571-submit@debbugs.gnu.org id=B45571.160951251512808 (code B ref 45571); Fri, 01 Jan 2021 14:49:01 +0000 Received: (at 45571) by debbugs.gnu.org; 1 Jan 2021 14:48:35 +0000 Received: from localhost ([127.0.0.1]:60309 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kvLjG-0003KT-Oj for submit@debbugs.gnu.org; Fri, 01 Jan 2021 09:48:34 -0500 Received: from dd26836.kasserver.com ([85.13.145.193]:52972) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kvLiG-0003Cw-Ot for 45571@debbugs.gnu.org; Fri, 01 Jan 2021 09:47:33 -0500 Received: from localhost (80-110-127-104.cgn.dynamic.surfer.at [80.110.127.104]) by dd26836.kasserver.com (Postfix) with ESMTPSA id 1638F3362EF8; Fri, 1 Jan 2021 15:47:31 +0100 (CET) Date: Fri, 1 Jan 2021 15:47:28 +0100 From: Danny Milosavljevic Message-ID: <20210101154504.28a18674@scratchpost.org> In-Reply-To: References: X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/Z/k7LrfZ2VSyz7UEzumfASL"; protocol="application/pgp-signature"; micalg=pgp-sha512 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -2.43 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Queue-Id: EDA10940367 X-Spam-Score: -2.43 X-Migadu-Scanner: scn1.migadu.com X-TUID: 45P1w5D/Ta6Z --Sig_/Z/k7LrfZ2VSyz7UEzumfASL Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hi, I agree that user ids and group ids should be made stable, even in general. I, too, have been bitten by this. (So would everyone else if Guix touched existing UNIX accounts in general) The right way to make them stable is for Guix ot default each uid to the ha= sh of the user name. That said, we'd want to leave free some range of the integer uids for the u= sual suspects (yp, samba) to allocate domain users there. The place to change is gnu/system/accounts.scm. It would need to be changed to do something similar for the "uid" field that it already does for the "home-directory" field. According to the source code of "useradd" in the package "shadow", it uses the following range to use for automatic uid assignment: Range starts at SYS_UID_MIN (default 1) for system user account uids, and s= tops at SYS_UID_MAX (default (UID_MIN - 1)). =20 For non-system user account uids, it starts at UID_MIN (default 1000) and stops at 60000 (UID_MAX). See /etc/login.defs for the configured values. Note that Linux has no problem using 32 bit uids. If we want to make it possible for Guix to distinguish system from non-syst= em accounts by having different uid ranges for each, "system?" in the record would need to be moved to the front. Then, in order to be backward compatible, custom procedures/macros "make-user-account" and "user-account" would need to be provided with the parameters in the previous order. Should not be difficult to do--as always, the main work is in agreeing what should be done, and in testing it after it's done. The actual change is li= ke 10 lines of source code. (An easier workaround would be to make the uid mandatory, with the default being failure. But that would be the "punting" solution) --Sig_/Z/k7LrfZ2VSyz7UEzumfASL Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl/vNgAACgkQ5xo1VCww uqWm/Qf7BKjeacyamWrwQD+Jcs9/iRyRbQKhRYks2uG7PbLGVsLs8j0Vv0cLGKVu IVp/22wuhs0gbwNul3lAHOaYIO1EuawaOwmIGlFt0SywSbzGfMPjPUpfVKwKsOLC rzFAQcaZgWiwOz2urPhJEONm47q6uKGCuHLqGoV58ABEFS5r/RhV/xWlSBPva+dD EX/nslH1SJB2/LHZV0UfwXD8yDOYmygYFiPDoInYf9rEZJ9DBX+jEjZtyI3i8Kzw hjWhTk7YFxcSAi0HaRRYmzVJDy99EiW/TAW4C4ThVmVws+6jP//+xdVVilYgbwey i9V78V86uC3y9uQ3oH3R3CJdmscKZQ== =FyvA -----END PGP SIGNATURE----- --Sig_/Z/k7LrfZ2VSyz7UEzumfASL--