From: Rich Freeman <rich0@gentoo.org>
To: gentoo-dev <gentoo-dev@lists.gentoo.org>
Subject: Re: [gentoo-dev] Requirements for UID/GID management
Date: Sat, 28 Jan 2017 21:22:56 -0500 [thread overview]
Message-ID: <CAGfcS_nVnb-USUruY3u7OfbkiBqKg=uPrHBZkRzFc4jmeA6k_Q@mail.gmail.com> (raw)
In-Reply-To: <4a8204d4-929e-6260-957a-dcf8f82f4b24@gentoo.org>
On Sat, Jan 28, 2017 at 8:56 PM, Michael Orlitzky <mjo@gentoo.org> wrote:
> On 01/27/2017 11:21 PM, Rich Freeman wrote:
>>
>> It isn't like inconsistent UIDs are the end of the world. However,
>> IMO it still makes sense to at least try to standardize such things.
>> Really, if you have a package always installing the same user simply
>> sticking a default UID without any effort to avoid collisions is
>> better than nothing, but having a wiki page where people can register
>> UIDs isn't that big a deal.
>>
>
> Here's a problem I have no solution for. Suppose we tell everyone to
> pick a fixed UID for their user packages. I have a randomly assigned
> "tcpdump" user as UID 102 on my machine today. If we roll this out next
> week and the tcpdump maintainer chooses UID=321 as his fixed UID, what
> happens when I go to install sys-user/tcpdump? Every option is bad:
>
> * Keep the existing user. Now its UID is wrong. You might say "so
> what," but the majority of users on the majority of systems are
> going to have this problem, so you have to wonder what we've
> gained by deciding on fixed UIDs and then ultimately assigning
> them randomly anyway.
Honestly, I really will say "so what" here. :)
Sure, it isn't a perfect solution, but it costs you nothing, and the
fallback is just random UIDs, which as we've already established
aren't a huge problem. For new installs things will be more
consistent.
It is of course possible to remap UIDs, but I don't think we should
ever try to do this automatically, because only the user can know if
every filesystem that might contain the old UIDs is actually mounted,
or if they mind find killing their drives at the moment, or if
anything important is running under the old uid.
I'm sure somebody will end up offering up a script at some point that
will remap an existing Gentoo install in single user mode to the new
defaults if somebody wishes to do so.
The bottom line is that I think at least picking some defaults is
going to result in a typical new install having matching uids, which
is going to make life easier for small-scale multi-host setups (NFS,
containers, etc). No, it will never work at the enterprise scale (for
starters, other distros will probably come into play), and it doesn't
matter for a standalone box. However, just putting a stick in the mud
will give 95% of the benefit for zero additional work. And the
fallback to random IDs is already implemented anyway.
So, don't try to fix the decades-old boxes. By now everybody who has
them has beards gray enough to deal with any issues, and they'll have
to have been dealing with them all along anyway.
--
Rich
next prev parent reply other threads:[~2017-01-29 2:23 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-27 17:54 [gentoo-dev] Requirements for UID/GID management Michael Orlitzky
2017-01-27 18:19 ` Alexis Ballier
2017-01-27 18:52 ` Rich Freeman
2017-01-27 19:35 ` Michael Orlitzky
2017-01-27 19:53 ` Rich Freeman
2017-01-27 20:09 ` Michael Orlitzky
2017-01-27 21:23 ` Rich Freeman
2017-01-28 3:02 ` [gentoo-dev] " Duncan
2017-01-28 2:37 ` [gentoo-dev] " Patrick McLean
2017-01-28 3:20 ` Michael Orlitzky
2017-01-28 4:21 ` Rich Freeman
2017-01-29 1:56 ` Michael Orlitzky
2017-01-29 2:22 ` Rich Freeman [this message]
2017-01-29 2:48 ` Michael Orlitzky
2017-01-29 2:54 ` Michael Orlitzky
2017-01-29 3:23 ` Gordon Pettey
2017-01-29 3:36 ` M. J. Everitt
2017-01-29 3:42 ` Michael Orlitzky
2017-01-29 10:03 ` Ulrich Mueller
2017-01-29 11:16 ` Michał Górny
2017-01-29 17:19 ` Michael Orlitzky
2017-01-29 3:05 ` M. J. Everitt
2017-01-29 8:26 ` Alan McKinnon
2017-01-29 17:05 ` Michael Orlitzky
2017-01-29 17:22 ` A. Wilcox
2017-01-29 19:31 ` james
2017-01-29 22:07 ` Alan McKinnon
2017-01-29 22:20 ` Michael Orlitzky
2017-01-29 22:30 ` Alan McKinnon
2017-01-29 23:04 ` Michael Orlitzky
2017-01-30 14:25 ` Alan McKinnon
2017-01-30 16:29 ` Michael Orlitzky
2017-01-30 18:05 ` Patrick McLean
2017-01-30 18:22 ` Michael Orlitzky
2017-01-30 18:43 ` Kristian Fiskerstrand
2017-02-03 14:51 ` [gentoo-dev] " Martin Vaeth
2017-02-03 19:29 ` Michael Orlitzky
2017-02-04 8:50 ` Christopher Head
2017-02-04 15:02 ` Michael Orlitzky
2017-02-04 18:03 ` Martin Vaeth
2017-01-28 11:28 ` [gentoo-dev] " James Le Cuirot
2017-01-28 22:54 ` Patrick McLean
2017-01-28 18:13 ` A. Wilcox
2017-01-28 19:32 ` James Le Cuirot
2017-01-28 20:34 ` Rich Freeman
2017-01-28 21:29 ` James Le Cuirot
2017-01-29 17:16 ` A. Wilcox
2017-01-29 17:34 ` James Le Cuirot
2017-01-27 19:45 ` Gregory Woodbury
2017-01-28 11:32 ` Tom H
2017-01-27 21:15 ` Michał Górny
2017-01-28 0:10 ` Michael Orlitzky
2017-01-29 22:13 ` Michael Orlitzky
2017-01-29 23:34 ` Ulrich Mueller
2017-01-29 23:45 ` Michael Orlitzky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAGfcS_nVnb-USUruY3u7OfbkiBqKg=uPrHBZkRzFc4jmeA6k_Q@mail.gmail.com' \
--to=rich0@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox