Subject: Re: [gentoo-dev] Requirements for UID/GID management
To: gentoo-dev@lists.gentoo.org
From: james
Date: Sun, 29 Jan 2017 14:31:15 -0500

On 01/29/2017 12:22 PM, A. Wilcox wrote:
> On 29/01/17 11:05, Michael Orlitzky wrote:
>> On 01/29/2017 03:26 AM, Alan McKinnon wrote:
>>>>
>>>> Can anyone think of an upgrade path for fixed UIDs? That issue
>>>> aside, I may have convinced myself that fixed UIDs are better.
>>>
>>> The general process I would recommend is that if the ebuild finds
>>> the user already exists, leave it, its UID and its file
>>> ownerships alone, and keep them as they are. If the user does not
>>> exist then create it.
>>
>> That's what I've got it doing now...
>>
>>
>>> Preferably use a pre-assigned UID/GID so there is some
>>> consistency with most other Gentoo things out there.
>>
>> This is the only point we have left to consider. To recap, there
>> are three approaches to try:
>>
>> 1 Truly fixed IDs. Every user gets the UID it wants, or it doesn't
>> get created. The UIDs are all determined beforehand.
>>
>> 2 Mostly random UIDs, and the few packages that need to specify
>> one can do so. Usually installation will never fail, but if some
>> user specifies a particular UID and doesn't get it, we die().
>>
>> 3 Mostly fixed UIDs, but with a fallback to random ones if you
>> don't get the UID you want. Here, everyone specifies their
>> "preferred" UID, and we try that first. If it doesn't work, you get
>> the random assignment.
>
>
> You could easily start with #3, and after some years, move to #1.

Yep. But, why can't (1) be selectable (now) as part of a profile, once
that discussion on profiles is formalized into a pathway forward?

> Anyone with a 20 year old Gentoo install (by that time) should expect
> to have to do very heavy lifting.

Just leave them alone for now, as Gentoo systems can now have different
gid/uid mappings.
Migration strategies will emerge over time. We'd need some mechanism
to determine if a given package attempts to set a contrarian uid/gid.
Perhaps a flag for those packages could address uid/gid conflicts going
forward in a one-off solution?

> I for one am more than willing to do whatever shell commands necessary
> to make all my Gentoo installs agree on UIDs and get #1 now, but I
> realise most people are not.

YES! I think after (1) is finalized, it should be part of the handbook
installation as a default, but selectable. That way the migration is
gently fast-tracked. Matching up with Debian is a really good idea, as
long as nothing is conflated by systemd.

> --arw

hth,
James

>
> --
> A. Wilcox (awilfox)
> Project Lead, Adélie Linux
> http://adelielinux.org
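
The three allocation policies recapped in the quoted message, together with the conflict report asked for in the reply, as an added example that is not part of the original thread or of Gentoo's eclasses. It runs against a constructed passwd-format file; the function names, the 101..999 search range and the modelling of "random" as lowest free UID are assumptions.

```shell
#!/bin/sh
# Added illustration. Assumption: "random" means lowest free UID in 101..999.

# uid_owner FILE UID -> account name holding UID (empty if free)
uid_owner() { awk -F: -v id="$2" '$3 == id { print $1; exit }' "$1"; }

# uid_of FILE NAME -> NAME's current UID (empty if no such account)
uid_of() { awk -F: -v n="$2" '$1 == n { print $3; exit }' "$1"; }

# first_free FILE -> lowest unused UID in the assumed range
first_free() {
    id=101
    while [ "$id" -le 999 ]; do
        if [ -z "$(uid_owner "$1" "$id")" ]; then echo "$id"; return 0; fi
        id=$((id + 1))
    done
    return 1
}

# pick_uid POLICY FILE NAME [PREFERRED]
# POLICY is fixed (#1), random (#2) or fallback (#3). Prints the UID to use;
# a non-zero status means the install should die().
pick_uid() {
    policy=$1; file=$2; name=$3; want=${4:-}
    have=$(uid_of "$file" "$name")
    # Existing account: keep its UID and file ownerships as they are.
    if [ -n "$have" ]; then echo "$have"; return 0; fi
    # Requested UID is free: every policy grants it.
    if [ -n "$want" ] && [ -z "$(uid_owner "$file" "$want")" ]; then
        echo "$want"; return 0
    fi
    # Conflict report: which account already holds the requested UID.
    if [ -n "$want" ]; then
        echo "$name: UID $want held by $(uid_owner "$file" "$want")" >&2
    fi
    case $policy in
        fixed)    return 1 ;;   # no predetermined UID available: no user
        random)   if [ -n "$want" ]; then return 1; fi; first_free "$file" ;;
        fallback) first_free "$file" ;;
        *)        return 2 ;;
    esac
}

# Constructed sample: "legacy" already occupies the UID that "newd" wants.
SAMPLE=$(mktemp); trap 'rm -f "$SAMPLE"' EXIT
printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'daemon:x:101:101::/:/sbin/nologin' \
    'ntp:x:123:123::/:/sbin/nologin' 'legacy:x:250:250::/:/sbin/nologin' > "$SAMPLE"
for p in fixed random fallback; do
    printf '%s: %s\n' "$p" "$(pick_uid "$p" "$SAMPLE" newd 250 2>/dev/null || echo 'die()')"
done
```

Only the fallback policy installs `newd` when its preferred UID is taken, which is also the case where two hosts end up disagreeing about who owns the same numeric ID.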