From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 3BA90139085 for ; Sun, 29 Jan 2017 02:23:06 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 572F3141E1; Sun, 29 Jan 2017 02:22:58 +0000 (UTC) Received: from mail-yw0-x242.google.com (mail-yw0-x242.google.com [IPv6:2607:f8b0:4002:c05::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 05B3223401F for ; Sun, 29 Jan 2017 02:22:57 +0000 (UTC) Received: by mail-yw0-x242.google.com with SMTP id l16so7396726ywb.2 for ; Sat, 28 Jan 2017 18:22:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=X9uC2ZfCrQ+N4maeAcDrtOJPvz6S3k2cB+Snr4oTMYY=; b=OTYsIB3hYiDMSDUWL7w8w/7/oJaJJSIXJqlkmsehzgj+0eyNIaFFy2gzs3nJ/zQeA6 eeREefwp4EV5mWeI8t5fAZLABohuupdN0qK/fNE9b53EQ1Yig4iBxZfGHk5PYeKQL4zy C8uTwRP+LCWA6YVBaXXKQJevrM12U12Fr8Y/rIa2vE7OL41Y3Omqrd9n0rxljY0oayS4 I8EyJGy0OasWRaPeeouguAaVll0YbPouYpw6h46TL332w8BZ+8eF30sZSf3EqHjjqV9U Vj61Q9FNSE0FEtt5r/i+Z9uKbP88YArMVRVQ5WdN17No58gjDK09K3hHwmQzxnLhWB+M iVow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to; bh=X9uC2ZfCrQ+N4maeAcDrtOJPvz6S3k2cB+Snr4oTMYY=; b=exeatJDwfVvtz+ICngT79vE0emyAT4pXFQdi0MJxV7YyiirNYOWfHaRrCH2BGx2i6g rMdB/KfKRkdwd9IaT5IDCyvV5NOCsYt8kpQBC6E56TnfaeuCSkrl8jZNtWnd72k4qcRi TSpzNJn0afUhLtL2jYLw7zI4MaCjeLxw8juKBSO3AtHH95qFc93hXG/W079a9lbJMQk2 iee0WJX+DjrCO7C5w97VFQHyP9skqDn3QdzCUAA1UBgzJX7dudi1ZQRWOb3Y0jpm0Xe1 18TBkKT0N2TqPjJYWQOuUf5xiolMwuAPz68F8/FWgUPp3mMYGVCWP3Sn6A4UyOUsd+ER gHnQ== X-Gm-Message-State: AIkVDXIl8gX1eGphe1BhD+MCzY8It3jnHohWiiY+a7H2un9EmiOYpVm7QVOvg4qBbC11kAar6pXMGXXm7CXSgw== X-Received: by 10.129.99.198 with SMTP id x189mr10157334ywb.242.1485656576888; Sat, 28 Jan 2017 18:22:56 -0800 (PST) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Sender: freemanrich@gmail.com Received: by 10.13.239.193 with HTTP; Sat, 28 Jan 2017 18:22:56 -0800 (PST) In-Reply-To: <4a8204d4-929e-6260-957a-dcf8f82f4b24@gentoo.org> References: <9558d41c-17c0-4bbd-e2f8-02575c6d0ecd@gentoo.org> <20170127183752.500f8910@patrickm> <4a8204d4-929e-6260-957a-dcf8f82f4b24@gentoo.org> From: Rich Freeman Date: Sat, 28 Jan 2017 21:22:56 -0500 X-Google-Sender-Auth: ezZlXtA-vQR7zhrm2iEgMrWDZFg Message-ID: Subject: Re: [gentoo-dev] Requirements for UID/GID management To: gentoo-dev Content-Type: text/plain; charset=UTF-8 X-Archives-Salt: 3223aade-4c45-4cba-8bd6-da9a15698f2f X-Archives-Hash: 92928f218b24b32fb8e4d066b9173fd2 On Sat, Jan 28, 2017 at 8:56 PM, Michael Orlitzky wrote: > On 01/27/2017 11:21 PM, Rich Freeman wrote: >> >> It isn't like inconsistent UIDs are the end of the world. However, >> IMO it still makes sense to at least try to standardize such things. >> Really, if you have a package always installing the same user simply >> sticking a default UID without any effort to avoid collisions is >> better than nothing, but having a wiki page where people can register >> UIDs isn't that big a deal. >> > > Here's a problem I have no solution for. Suppose we tell everyone to > pick a fixed UID for their user packages. I have a randomly assigned > "tcpdump" user as UID 102 on my machine today. If we roll this out next > week and the tcpdump maintainer chooses UID=321 as his fixed UID, what > happens when I go to install sys-user/tcpdump? Every option is bad: > > * Keep the existing user. Now its UID is wrong. You might say "so > what," but the majority of users on the majority of systems are > going to have this problem, so you have to wonder what we've > gained by deciding on fixed UIDs and then ultimately assigning > them randomly anyway. Honestly, I really will say "so what" here. :) Sure, it isn't a perfect solution, but it costs you nothing, and the fallback is just random UIDs, which as we've already established aren't a huge problem. For new installs things will be more consistent. It is of course possible to remap UIDs, but I don't think we should ever try to do this automatically, because only the user can know if every filesystem that might contain the old UIDs is actually mounted, or if they mind find killing their drives at the moment, or if anything important is running under the old uid. I'm sure somebody will end up offering up a script at some point that will remap an existing Gentoo install in single user mode to the new defaults if somebody wishes to do so. The bottom line is that I think at least picking some defaults is going to result in a typical new install having matching uids, which is going to make life easier for small-scale multi-host setups (NFS, containers, etc). No, it will never work at the enterprise scale (for starters, other distros will probably come into play), and it doesn't matter for a standalone box. However, just putting a stick in the mud will give 95% of the benefit for zero additional work. And the fallback to random IDs is already implemented anyway. So, don't try to fix the decades-old boxes. By now everybody who has them has beards gray enough to deal with any issues, and they'll have to have been dealing with them all along anyway. -- Rich