On Fri, 30 Mar 2018 18:52:18 +0000 (UTC)
Farid BENAMROUCHE wrote:

> Yes, two years ago I've posted here to notify you about the creation of users and groups when using "ROOT=".
> As a reminder, if you currently emerge a package to a specific rootfs folder, some packages will actually not create the user and groups correctly inside this rootfs.
> It will also not check for the existence of the user/group inside of the rootfs.
> Every time, it will check "/".
>
> This is a very old Gentoo issue (I have to find again the GLEP talking about this issue).
>
> The solution is not possible without changing the behaviour of the tools used by portage. For example, portage is using shadow in most systems (and shadow is using the glibc).

Hi, I have an interest in this and was one of the early commenters in bug #541406. I made my own suggestions about how this might work. Your solution is cleaner in that it doesn't require modifying the users in the / system but it does require significant changes to tools, eclasses, and ebuilds so I'm on the fence about it.

I did just have a lightbulb moment though. I've been playing with unshare recently and I wondered if we could leverage it here. First I tried this.

$ sudo unshare -m /bin/sh -c "mount --bind /mnt/somewhere/etc/group /etc/group && groupadd foo"
groupadd: failure while writing changes to /etc/group

It is possible to bind mount individual files but it doesn't work here because it tries to rename /etc/group to make a backup. Next I tried the whole directory but it gives a strange error.

$ sudo unshare -m /bin/sh -c "mount --bind /mnt/somewhere/etc /etc && groupadd foo"
groupadd: Cannot determine your user name.

This reveals more.

$ sudo unshare -m /bin/sh -c "id && mount --bind /mnt/utilite/mnt/moi/etc /etc && id"
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
uid=0 gid=0 groups=0,1,2,3,4,6,10,11,20,26,27

I'm not sure why the IDs break like this and strace doesn't make it any clearer. This seems like a route worth pursuing though because you could create a bunch of wrappers for useradd, groupadd, chown and so on and it would then all work transparently, even when not using the eclass functions.

Regards,
-- 
James Le Cuirot (chewi)
Gentoo Linux Developer
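
The existence check that the quoted message says is always made against "/", made here against the target rootfs's own /etc/passwd and /etc/group. This is an added example, not part of the original e-mail or of Portage; the function names are hypothetical, and only the flat files are read, not other NSS sources.

```shell
#!/bin/sh
# Added example: resolve accounts from a target rootfs's own files, not "/".
# Assumption: accounts live in flat files; LDAP/other NSS sources are ignored.

# lookup_id FILE NAME
# Prints the numeric id (third field) of NAME; non-zero status if absent.
lookup_id() {
    [ -r "$1" ] || return 2
    awk -F: -v n="$2" \
        '$1 == n { print $3; found = 1; exit } END { exit !found }' "$1"
}

# account_status ROOT KIND NAME [HOST]
# KIND is "user" or "group"; HOST defaults to "/".
# Prints one of:  present:<id>   host-only:<id>   absent
account_status() {
    root=${1%/} kind=$2 name=$3 host=${4:-/}
    host=${host%/}
    case $kind in
        user)  db=etc/passwd ;;
        group) db=etc/group ;;
        *)     echo "unknown kind: $kind" >&2; return 2 ;;
    esac
    if id=$(lookup_id "$root/$db" "$name"); then
        echo "present:$id"
    elif id=$(lookup_id "$host/$db" "$name"); then
        # The case from the thread: a check against "/" would succeed
        # although the account is missing from the target rootfs.
        echo "host-only:$id"
    else
        echo "absent"
    fi
}

# Usage (paths are placeholders):
#   account_status /mnt/somewhere group foo
```

A result of `host-only` marks an account that a check against "/" would accept even though files installed into the rootfs would have no matching entry there.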