Mail archive
alpine-devel

Re: [alpine-devel] UID+GID inconsistency for installed services

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Thu, 21 Apr 2016 09:14:30 +0200

On Wed, 20 Apr 2016 22:30:30 +0200
Przemys*aw Pawe*czyk <przemoc_at_zoho.com> wrote:

> Hi,
>
> I noticed some inconsistency with UIDs and GIDs assigned for services.
> It was possible thanks to crony's awful entry in my /etc/passwd:
>
> chrony:x:100:1000:Linux User,,,:/var/log/chrony:/sbin/nologin
>
> It is linux user, but not a human linux user, what is meant here.
> The problem in this particular case is high GID, usually reserved for
> users.

...
 
> There are 106 invocations of addgroup, 43 of them lack -S (system
> group) option, but within them 1 provides low GID.
>
> I think all these should be fixed, also in community and testing.
> And I doubt there will be any opposition.

I agree. We should fix this.

> I may prepare all patches to not burden anyone with this, but question
> is whether changes should be split per package, per category, maybe
> one big patch would be fine?

In this case i think a single patch would be fine.

Please note that I am currently working on a more portable
useradd/groupadd (see
http://lists.busybox.net/pipermail/busybox/2016-February/083907.html)

We should replace the adduser with useradd and addgroup with groupadd
once that is in place. But I think it may be worth adding the '-S' like
you suggest first. Or maybe even '--system' which should work with the
useradd/groupadd.

> Or maybe someone with commits rights prefers to do it herself/himself?

Please feel free to send a patch. Also, please ping me in IRC once
you've sent it as this patch will need to go in relatively fast as
other updates will cause conflict.

Thanks!

-nc


---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Thu Apr 21 2016 - 09:14:30 UTC