Date: Fri, 30 Mar 2018 20:23:49 +0100
From: James Le Cuirot
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re : Modification proposal for user/group creation when ROOT!="/"
Message-ID: <20180330202349.57ea1fa2@symphony.aura-online.co.uk>
In-Reply-To: <160839029.2375229.1522435938193@mail.yahoo.com>

On Fri, 30 Mar 2018 18:52:18 +0000 (UTC)
Farid BENAMROUCHE wrote:

> Yes, two years ago I posted here to notify you about the creation of users and groups when using "ROOT=".
> As a reminder, if you currently emerge a package to a specific rootfs folder, some packages will actually not create the user and groups correctly inside this rootfs.
> It will also not check for the existence of the user/group inside of the rootfs.
> Every time, it will check "/".
>
> This is a very old Gentoo issue (I have to find again the GLEP talking about this issue).
>
> The solution is not possible without changing the behaviour of the tools used by portage. For example, portage is using shadow in most systems (and shadow is using the glibc).

Hi, I have an interest in this and was one of the early commenters in bug #541406. I made my own suggestions about how this might work. Your solution is cleaner in that it doesn't require modifying the users in the / system but it does require significant changes to tools, eclasses, and ebuilds so I'm on the fence about it.

I did just have a lightbulb moment though. I've been playing with unshare recently and I wondered if we could leverage it here. First I tried this.

$ sudo unshare -m /bin/sh -c "mount --bind /mnt/somewhere/etc/group /etc/group && groupadd foo"
groupadd: failure while writing changes to /etc/group

It is possible to bind mount individual files but it doesn't work here because it tries to rename /etc/group to make a backup. Next I tried the whole directory but it gives a strange error.

$ sudo unshare -m /bin/sh -c "mount --bind /mnt/somewhere/etc /etc && groupadd foo"
groupadd: Cannot determine your user name.

This reveals more.

$ sudo unshare -m /bin/sh -c "id && mount --bind /mnt/utilite/mnt/moi/etc /etc && id"
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
uid=0 gid=0 groups=0,1,2,3,4,6,10,11,20,26,27

I'm not sure why the IDs break like this and strace doesn't make it any clearer. This seems like a route worth pursuing though because you could create a bunch of wrappers for useradd, groupadd, chown and so on and it would then all work transparently, even when not using the eclass functions.

Regards,
--
James Le Cuirot (chewi)
Gentoo Linux Developer
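
Added example, not part of the original message and not Portage or shadow code: a group lookup and creation that reads ROOT/etc/group instead of "/", which is the check the quoted text says is missing. The function names, the 100-999 GID range and the sample rootfs are assumptions made for illustration; gshadow and file locking are left out.

```shell
#!/bin/sh
# Hypothetical helpers: every lookup goes to "$root/etc/group", never to "/".

# Print the GID of group $2 recorded in $1/etc/group; return 1 if absent.
root_group_gid() {
    root=$1 name=$2
    [ -r "$root/etc/group" ] || return 1
    awk -F: -v n="$name" '$1 == n { print $3; found = 1; exit }
        END { exit !found }' "$root/etc/group"
}

# Print the lowest GID in [$2, $3] that $1/etc/group does not use yet.
root_free_gid() {
    root=$1 min=$2 max=$3
    awk -F: -v lo="$min" -v hi="$max" '
        { used[$3] = 1 }
        END { for (g = lo; g <= hi; g++) if (!(g in used)) { print g; exit 0 }
              exit 1 }' "$root/etc/group"
}

# Add group $2 inside root $1 unless it already exists there; print its GID.
# The new file is written next to the old one and renamed over it, so the
# etc directory must be writable: the same kind of rename the message says
# fails when only the single file /etc/group is bind mounted.
root_group_add() {
    root=$1 name=$2
    if gid=$(root_group_gid "$root" "$name"); then
        echo "$gid"; return 0            # already present in the target root
    fi
    gid=$(root_free_gid "$root" 100 999) || return 1   # assumed system range
    tmp=$(mktemp "$root/etc/group.XXXXXX") || return 1
    cat "$root/etc/group" > "$tmp" &&
        printf '%s:x:%s:\n' "$name" "$gid" >> "$tmp" &&
        chmod 644 "$tmp" && mv "$tmp" "$root/etc/group" ||
        { rm -f "$tmp"; return 1; }
    echo "$gid"
}

# Constructed sample rootfs with a minimal etc/group; prints its path.
make_sample_root() {
    r=$(mktemp -d) && mkdir -p "$r/etc" &&
        printf '%s\n' 'root:x:0:' 'bin:x:1:' 'wheel:x:10:' 'svc:x:100:' \
            > "$r/etc/group" &&
        echo "$r"
}
```

Because only files under the given root are read and written, the result does not depend on which users and groups exist on the build host.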