From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-79381-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by finch.gentoo.org (Postfix) with ESMTPS id 3BA90139085
for <garchives@archives.gentoo.org>; Sun, 29 Jan 2017 02:23:06 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id 572F3141E1;
Sun, 29 Jan 2017 02:22:58 +0000 (UTC)
Received: from mail-yw0-x242.google.com (mail-yw0-x242.google.com [IPv6:2607:f8b0:4002:c05::242])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by pigeon.gentoo.org (Postfix) with ESMTPS id 05B3223401F
for <gentoo-dev@lists.gentoo.org>; Sun, 29 Jan 2017 02:22:57 +0000 (UTC)
Received: by mail-yw0-x242.google.com with SMTP id l16so7396726ywb.2
for <gentoo-dev@lists.gentoo.org>; Sat, 28 Jan 2017 18:22:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20161025;
h=mime-version:sender:in-reply-to:references:from:date:message-id
:subject:to;
bh=X9uC2ZfCrQ+N4maeAcDrtOJPvz6S3k2cB+Snr4oTMYY=;
b=OTYsIB3hYiDMSDUWL7w8w/7/oJaJJSIXJqlkmsehzgj+0eyNIaFFy2gzs3nJ/zQeA6
eeREefwp4EV5mWeI8t5fAZLABohuupdN0qK/fNE9b53EQ1Yig4iBxZfGHk5PYeKQL4zy
C8uTwRP+LCWA6YVBaXXKQJevrM12U12Fr8Y/rIa2vE7OL41Y3Omqrd9n0rxljY0oayS4
I8EyJGy0OasWRaPeeouguAaVll0YbPouYpw6h46TL332w8BZ+8eF30sZSf3EqHjjqV9U
Vj61Q9FNSE0FEtt5r/i+Z9uKbP88YArMVRVQ5WdN17No58gjDK09K3hHwmQzxnLhWB+M
iVow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
:date:message-id:subject:to;
bh=X9uC2ZfCrQ+N4maeAcDrtOJPvz6S3k2cB+Snr4oTMYY=;
b=exeatJDwfVvtz+ICngT79vE0emyAT4pXFQdi0MJxV7YyiirNYOWfHaRrCH2BGx2i6g
rMdB/KfKRkdwd9IaT5IDCyvV5NOCsYt8kpQBC6E56TnfaeuCSkrl8jZNtWnd72k4qcRi
TSpzNJn0afUhLtL2jYLw7zI4MaCjeLxw8juKBSO3AtHH95qFc93hXG/W079a9lbJMQk2
iee0WJX+DjrCO7C5w97VFQHyP9skqDn3QdzCUAA1UBgzJX7dudi1ZQRWOb3Y0jpm0Xe1
18TBkKT0N2TqPjJYWQOuUf5xiolMwuAPz68F8/FWgUPp3mMYGVCWP3Sn6A4UyOUsd+ER
gHnQ==
X-Gm-Message-State: AIkVDXIl8gX1eGphe1BhD+MCzY8It3jnHohWiiY+a7H2un9EmiOYpVm7QVOvg4qBbC11kAar6pXMGXXm7CXSgw==
X-Received: by 10.129.99.198 with SMTP id x189mr10157334ywb.242.1485656576888;
Sat, 28 Jan 2017 18:22:56 -0800 (PST)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Sender: freemanrich@gmail.com
Received: by 10.13.239.193 with HTTP; Sat, 28 Jan 2017 18:22:56 -0800 (PST)
In-Reply-To: <4a8204d4-929e-6260-957a-dcf8f82f4b24@gentoo.org>
References: <9558d41c-17c0-4bbd-e2f8-02575c6d0ecd@gentoo.org>
<CAGfcS_=biacBM0xsy0GX3_X0mOAd3BdgHDXYorSBkmwsoQ9sgQ@mail.gmail.com>
<ee24eb83-4430-40ff-07d0-577bc188457d@gentoo.org> <CAGfcS_=V+xmBU+fFbMQBH39E9-y9CUaZt9Bok80Wg6_jboHcbQ@mail.gmail.com>
<20170127183752.500f8910@patrickm> <CAGfcS_kcXOa+NC5Eh_qGb95uEaaKsarjsK92jOuTpUB=P5sXxg@mail.gmail.com>
<4a8204d4-929e-6260-957a-dcf8f82f4b24@gentoo.org>
From: Rich Freeman <rich0@gentoo.org>
Date: Sat, 28 Jan 2017 21:22:56 -0500
X-Google-Sender-Auth: ezZlXtA-vQR7zhrm2iEgMrWDZFg
Message-ID: <CAGfcS_nVnb-USUruY3u7OfbkiBqKg=uPrHBZkRzFc4jmeA6k_Q@mail.gmail.com>
Subject: Re: [gentoo-dev] Requirements for UID/GID management
To: gentoo-dev <gentoo-dev@lists.gentoo.org>
Content-Type: text/plain; charset=UTF-8
X-Archives-Salt: 3223aade-4c45-4cba-8bd6-da9a15698f2f
X-Archives-Hash: 92928f218b24b32fb8e4d066b9173fd2
On Sat, Jan 28, 2017 at 8:56 PM, Michael Orlitzky <mjo@gentoo.org> wrote:
> On 01/27/2017 11:21 PM, Rich Freeman wrote:
>>
>> It isn't like inconsistent UIDs are the end of the world. However,
>> IMO it still makes sense to at least try to standardize such things.
>> Really, if you have a package always installing the same user simply
>> sticking a default UID without any effort to avoid collisions is
>> better than nothing, but having a wiki page where people can register
>> UIDs isn't that big a deal.
>>
>
> Here's a problem I have no solution for. Suppose we tell everyone to
> pick a fixed UID for their user packages. I have a randomly assigned
> "tcpdump" user as UID 102 on my machine today. If we roll this out next
> week and the tcpdump maintainer chooses UID=321 as his fixed UID, what
> happens when I go to install sys-user/tcpdump? Every option is bad:
>
> * Keep the existing user. Now its UID is wrong. You might say "so
> what," but the majority of users on the majority of systems are
> going to have this problem, so you have to wonder what we've
> gained by deciding on fixed UIDs and then ultimately assigning
> them randomly anyway.
Honestly, I really will say "so what" here. :)
Sure, it isn't a perfect solution, but it costs you nothing, and the
fallback is just random UIDs, which as we've already established
aren't a huge problem. For new installs things will be more
consistent.
It is of course possible to remap UIDs, but I don't think we should
ever try to do this automatically, because only the user can know if
every filesystem that might contain the old UIDs is actually mounted,
or if they mind find killing their drives at the moment, or if
anything important is running under the old uid.
I'm sure somebody will end up offering up a script at some point that
will remap an existing Gentoo install in single user mode to the new
defaults if somebody wishes to do so.
The bottom line is that I think at least picking some defaults is
going to result in a typical new install having matching uids, which
is going to make life easier for small-scale multi-host setups (NFS,
containers, etc). No, it will never work at the enterprise scale (for
starters, other distros will probably come into play), and it doesn't
matter for a standalone box. However, just putting a stick in the mud
will give 95% of the benefit for zero additional work. And the
fallback to random IDs is already implemented anyway.
So, don't try to fix the decades-old boxes. By now everybody who has
them has beards gray enough to deal with any issues, and they'll have
to have been dealing with them all along anyway.
--
Rich