From: Michael Orlitzky <mjo@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] RFC: UID/GID rspamd
Date: Tue, 3 Dec 2019 08:04:28 -0500 [thread overview]
Message-ID: <e0f83545-8f22-543f-9262-10905ec19ea2@gentoo.org> (raw)
In-Reply-To: <20191203104116.GA3062@atlantis>
On 12/3/19 5:41 AM, Petr Vaněk wrote:
>
> Btw, I am just curios about the situation when there is a foo overlay
> with acct-{user,group}/foo using UID/GID already set in main gentoo
> overlay and later on we would like to move it to the main gentoo
> overlay. It would be necessary to chose different UID/GID for
> acct-{user,group}/foo. So, my question is, would it be technically
> feasible to do the migration for users of the foo overlay? I can
> imagine this scenario will occur once in the future and it is UID/GID
> change.
>
The GLEP81 eclasses will reuse an existing account (with the "old" UID)
if the name matches. When migrating from an overlay, things should keep
working for the overlay users -- they just won't get the new UID.
Regular users of ::gentoo won't notice anything out of the ordinary.
What doesn't work is trying to fix the existing UID/GID to match the new
one. To do that, you'd need to know every file on the system that's
owned by the old UID, so that you can switch them to the new UID.
There's no good way to do that, and definitely no secure way to chown
them afterwards. So, we can't do it in the eclasses in the main tree.
But, if you're working on something in an overlay and if you know how
the software works and are comfortable finding/deleting all of its files
and wiping its entry out of /etc/passwd, then in that specific case, you
can even switch the UIDs. Just manually erase all traces of the user
from your system, and then emerge the ebuild from ::gentoo.
prev parent reply other threads:[~2019-12-03 13:04 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-02 15:23 [gentoo-dev] RFC: UID/GID rspamd Petr Vaněk
2019-12-02 15:26 ` Michael Orlitzky
2019-12-03 10:41 ` Petr Vaněk
2019-12-03 13:04 ` Michael Orlitzky [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e0f83545-8f22-543f-9262-10905ec19ea2@gentoo.org \
--to=mjo@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox