all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: Jason Conroy <conjaroy@gmail.com>
To: Danny Milosavljevic <dannym@scratchpost.org>, 45571@debbugs.gnu.org
Subject: bug#45571: Support stable uids and gids for all accounts
Date: Fri, 1 Jan 2021 11:26:18 -0500	[thread overview]
Message-ID: <CABWzUjXg6rZhniTdruFA=TZQhjRR+Ft5CSYqVNrS-PrdD6rxyA@mail.gmail.com> (raw)
In-Reply-To: <20210101154504.28a18674@scratchpost.org>

[-- Attachment #1: Type: text/plain, Size: 2514 bytes --]

Hi Danny,

Your idea has a definite elegance to it. :) I did not realize that Linux
supported 32-bit UIDs out-of-the-box. Still, I wonder if this could
introduce support challenges for packages that incorrectly assume UIDs are
16 bits wide, since they traditionally were that way in UNIX, and since
other Linux distros still seem to prefer small UIDs in their packaging. By
comparison, my earlier idea of declaring static UIDs/GIDs in the
operating-system is decidedly less elegant, but it avoids this particular
risk. Can we be confident that this class of integer width bugs is
extremely rare?

On Fri, Jan 1, 2021 at 9:49 AM Danny Milosavljevic <dannym@scratchpost.org>
wrote:

> Hi,
>
> I agree that user ids and group ids should be made stable, even in general.
>
> I, too, have been bitten by this.  (So would everyone else if Guix touched
> existing UNIX accounts in general)
>
> The right way to make them stable is for Guix ot default each uid to the
> hash
> of the user name.
>
> That said, we'd want to leave free some range of the integer uids for the
> usual
> suspects (yp, samba) to allocate domain users there.
>
> The place to change is gnu/system/accounts.scm.  It would need to be
> changed
> to do something similar for the "uid" field that it already does for the
> "home-directory" field.
>
> According to the source code of "useradd" in the package "shadow", it uses
> the following range to use for automatic uid assignment:
>
> Range starts at SYS_UID_MIN (default 1) for system user account uids, and
> stops
> at SYS_UID_MAX (default (UID_MIN - 1)).
>
> For non-system user account uids, it starts at UID_MIN (default 1000) and
> stops at 60000 (UID_MAX).
>
> See /etc/login.defs for the configured values.
>
> Note that Linux has no problem using 32 bit uids.
>
> If we want to make it possible for Guix to distinguish system from
> non-system
> accounts by having different uid ranges for each, "system?" in the
> <user-account> record would need to be moved to the front.
> Then, in order to be backward compatible, custom procedures/macros
> "make-user-account" and "user-account" would need to be provided with the
> parameters in the previous order.
>
> Should not be difficult to do--as always, the main work is in agreeing what
> should be done, and in testing it after it's done.  The actual change is
> like
> 10 lines of source code.
>
> (An easier workaround would be to make the uid mandatory, with the default
> being failure.  But that would be the "punting" solution)
>

[-- Attachment #2: Type: text/html, Size: 3066 bytes --]

  reply	other threads:[~2021-01-01 16:28 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <58174c197a7b42b29927c492d25e28c684d199ea.camel@student.tugraz.at>
2020-12-31 18:18 ` bug#45571: Support stable uids and gids for system accounts in a container Jason Conroy
2021-01-01 14:47   ` bug#45571: Support stable uids and gids for all accounts Danny Milosavljevic
2021-01-01 16:26     ` Jason Conroy [this message]
2021-01-01 17:36       ` Danny Milosavljevic
2021-01-01 16:20   ` Leo Prikler
2021-01-01 17:50     ` Danny Milosavljevic
2021-01-01 18:44       ` Leo Prikler
2021-01-01 20:22         ` Danny Milosavljevic
2021-01-02  0:25   ` bug#45571: Fwd: " Leo Prikler
2021-01-02  1:40     ` Danny Milosavljevic
2021-01-02  3:10       ` Leo Prikler
2021-01-02 14:02         ` Jason Conroy
2021-01-02 14:29           ` Leo Prikler
2021-01-02 14:52             ` Jason Conroy
2021-01-02 15:35               ` Leo Prikler
2021-01-02 15:58                 ` Jason Conroy
2021-01-02 14:50           ` Danny Milosavljevic
2021-01-02 15:03             ` Jason Conroy
2021-01-02 15:18             ` Leo Prikler
2021-01-02  1:30   ` Danny Milosavljevic
2021-04-07  7:13   ` bug#45571: Support stable uids and gids for system accounts in a container Brendan Tildesley via Bug reports for GNU Guix
2021-06-10  6:02     ` Arun Isaac
2021-01-02 15:04 ` bug#45571: Support stable uids and gids for all accounts Danny Milosavljevic
2021-01-02 15:25   ` Leo Prikler
2021-01-06 10:03   ` Ludovic Courtès

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CABWzUjXg6rZhniTdruFA=TZQhjRR+Ft5CSYqVNrS-PrdD6rxyA@mail.gmail.com' \
    --to=conjaroy@gmail.com \
    --cc=45571@debbugs.gnu.org \
    --cc=dannym@scratchpost.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.