From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id E1231139085 for ; Sun, 29 Jan 2017 17:25:46 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3955C1452E; Sun, 29 Jan 2017 17:22:30 +0000 (UTC) Received: from mail.wilcox-tech.com (mail.foxkit.us [45.32.83.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id BD06B14391 for ; Sun, 29 Jan 2017 17:22:29 +0000 (UTC) Received: (qmail 2321 invoked from network); 29 Jan 2017 17:22:26 -0000 Received: from ip68-13-242-69.ok.ok.cox.net (HELO ?10.1.1.57?) (awilcox@wilcox-tech.com@68.13.242.69) by mail.foxkit.us with ESMTPA; 29 Jan 2017 17:22:26 -0000 Subject: Re: [gentoo-dev] Requirements for UID/GID management To: gentoo-dev@lists.gentoo.org References: <9558d41c-17c0-4bbd-e2f8-02575c6d0ecd@gentoo.org> <20170127183752.500f8910@patrickm> <4a8204d4-929e-6260-957a-dcf8f82f4b24@gentoo.org> <9bceefb9-f7d2-06a4-2304-d31f627f7656@gentoo.org> From: "A. Wilcox" Organization: =?UTF-8?Q?Ad=c3=a9lie_Linux?= Message-ID: <588E24D1.8030703@adelielinux.org> Date: Sun, 29 Jan 2017 11:22:25 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <9bceefb9-f7d2-06a4-2304-d31f627f7656@gentoo.org> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Archives-Salt: 8b28fbfc-5424-49e1-bfe2-09a4c1e31f47 X-Archives-Hash: 7b4bfa55b9805864ed54d4ec1cb4e6b6 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 29/01/17 11:05, Michael Orlitzky wrote: > On 01/29/2017 03:26 AM, Alan McKinnon wrote: >>> >>> Can anyone think of an upgrade path for fixed UIDs? That issue >>> aside, I may have convinced myself that fixed UIDs are better. >> >> The general process I would recommend is that if the ebuild finds >> the user already exists, leave it, it's UID and it's file >> ownerships alone, and keep them as they are. If the user does not >> exist then create it. > > That's what I've got it doing now... > > >> Preferably use a pre-assigned UID/GID so there is some >> consistency with most other Gentoo things out there. > > This is the only point we have left to consider. To recap, there > are three approaches to try: > > 1 Truly fixed IDs. Every user gets the UID it wants, or it doesn't > get created. The UIDs are all determined beforehand. > > 2 Mostly random UIDs, and the few packages that need to specify > one can do so. Usually installation will never fail, but if some > user specifies a particular UID and doesn't get it, we die(). > > 3 Mostly fixed UIDs, but with a fallback to random ones if you > don't get the UID you want. Here, everyone specifies their > "preferred" UID, and we try that first. If it doesn't work, you get > the random assignment. You could easily start with #3, and after some years, move to #1. Anyone with a 20 year old Gentoo install (by that time) should expect to have to do very heavy lifting. I for one am more than willing to do whatever shell commands necessary to make all my Gentoo installs agree on UIDs and get #1 now, but I realise most people are not. - --arw - -- A. Wilcox (awilfox) Project Lead, Adélie Linux http://adelielinux.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJYjiTOAAoJEMspy1GSK50UCgYP/j7zBRAiL6w7fACER+A+J/3x keXe4OsBzlNsUxqC+BrQ/Y9tCSJnIHRIs6ozQCgEdfAKJfkLqkSmKAY3O3RT+mho VzjUCibftf/UNGOnFf6BqXCeBEjtV1YA7URlYumNyHxdG/AFIICWYFSSTLwzJoR1 91wqJmbcUI3LtQXoXodaYC2nbUWvcbO8RyxpDmxZ33L8xj1lAgpuFNcdEs+Rscxp oDK4zJC/K8wUYTUR2YO1Lb3lPF6qgJbMcX0YpQaXIGeYA2PXf4O+LqTXmGNr4O9r DFM3dbPgq2YPuHORACUY5YsmPBjHiaJlgzJo2WrhnIc2D1MPhA430Xlloiua3kF9 G7yqkz7mhBtJFrExoQ2MrtXMB5vwDUZ+3qrBzx/cKfxpSzsRck5NZ27eWK0oEpg2 fAUFJT7iIwSD3WyLkQbc2HHQ5nnTlnrBHM56YgCIPgz1Y4aNSB7hA+tCfQj4CNZC Y25d9VzBM2KclASiH6ROQLK5EyU0joMtZvTRx89b8SJV+AebLeaWtCsGe41KeF/W iDSnPGXtKRLYZtdebxGCXZwbaUVCRu/cIH2TXMpWDjm0iw3GoFZ6jiLveRCns59U UecZNQph5tPc/HBX2zCTTmH3jNfifSfb525aHVnUSVlyTWa8SQzw2jlnOuAkI33q 8MY5++CHplEPGVCvYMrc =99NE -----END PGP SIGNATURE-----