From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1O7w0l-0000yR-KB for garchives@archives.gentoo.org; Fri, 30 Apr 2010 19:36:31 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 45BB7E084B; Fri, 30 Apr 2010 19:36:25 +0000 (UTC) Received: from mail-gy0-f181.google.com (mail-gy0-f181.google.com [209.85.160.181]) by pigeon.gentoo.org (Postfix) with ESMTP id 69620E05BE for ; Fri, 30 Apr 2010 19:36:10 +0000 (UTC) Received: by gyg8 with SMTP id 8so221143gyg.40 for ; Fri, 30 Apr 2010 12:36:10 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Received: by 10.91.51.6 with SMTP id d6mr730292agk.85.1272656169857; Fri, 30 Apr 2010 12:36:09 -0700 (PDT) Sender: antarus@scriptkitty.com Received: by 10.90.75.13 with HTTP; Fri, 30 Apr 2010 12:36:09 -0700 (PDT) In-Reply-To: <20100430200726.298ae94c@pomiot.lan> References: <20100430200726.298ae94c@pomiot.lan> Date: Fri, 30 Apr 2010 12:36:09 -0700 X-Google-Sender-Auth: f206b6acb2ab5dad Message-ID: Subject: Re: [gentoo-dev] A policy to support random superuser account names From: Alec Warner To: gentoo-dev@lists.gentoo.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Archives-Salt: d9344ce9-5998-44b0-a6fc-15bf91523bfa X-Archives-Hash: 962d0456164549a46453ec5d8fea23af On Fri, Apr 30, 2010 at 11:07 AM, Micha=C5=82 G=C3=B3rny wrote: > Hello, > > I would like to put an emphasis on the fact that many eclasses > and ebuilds in gx86 are relying on an assumption that the superuser > account is always supposed to be named 'root'. > > In fact, no such constraint exists. Although most users will never even > think of changing the superuser account name, it is perfectly legit > to do so, and to use any name for that account. Moreover, it is > perfectly legit to name an unprivileged user 'root' too. Whether it is legitimate or not is irrelevant. Users can chose to do all sorts of legitimate but in the end utterly retarded things to their systems and developers chose whether or not to support them. gcc flags are a common case here (I can legitimately set a number of flags; but most developers ignore reports with odd flags.) > > Thus, the above assumption is clearly incorrect and may result in many > issues with ebuilds using it. These range from builds failing because > of chown 'invalid user' error to packages being installed with > incorrect file ownership. I'd say the assumption is correct in 95% of cases; so it remains a useful o= ne. > > From what I've heard already, similar problem has hit Gentoo/*BSD users > already, with superuser group not being named 'root'. Although some > files were fixed to properly use numeric GID in the specific case, > no UID-related changes were done. > > Moreover, not all developers agree with the case being an issue, > and they even refuse patches clearly fixing it [1]. Thus, I guess that > a clear policy regarding referencing the superuser account should be > enforced. Users do a number of utterly ridiculous things to their system and developers are free to reject bug reports for any number of reasons (this being one of them.) > > In my opinion, that policy should clearly indicate that the numeric > UID/GID should be always used for referencing the superuser account > as they are fixed unlike the names. Except as stated they are not fixed (as Fabian pointed out). I'm happy to support something like setting ROOT_UID and ROOT_GID in gentoo-x86 profiles and using those. Then if you want to do something utterly ridiculous to your system you can just set the appropriate variables. This will likely take a GLEP though; plus it is a major change to a lot of software we have; are you willing to make said changes? Making a proposal like this is all well and good but you are asking for a lot of work to be done for what is essentially very little gain for users. -A > > [1] http://bugs.gentoo.org/show_bug.cgi?id=3D315779 > > -- > Best regards, > Micha=C5=82 G=C3=B3rny > > > >