~alpine/devel

1

[alpine-devel] UID+GID inconsistency for installed services

Przemysław Pawełczyk <przemoc@zoho.com>
Details
Message ID
<154355df497.e6017f8d18572.7702314254654647251@zoho.com>
Sender timestamp
1461184230
DKIM signature
missing
Download raw message
7 years ago 
Hi,

I noticed some inconsistency with UIDs and GIDs assigned for services.
It was possible thanks to crony's awful entry in my /etc/passwd:

    chrony:x:100:1000:Linux User,,,:/var/log/chrony:/sbin/nologin

It is linux user, but not a human linux user, what is meant here.
The problem in this particular case is high GID, usually reserved for
users.

Looking at main alone in aports we have following situation right now.

    $ git grep adduser | wc -l
    108
    $ git grep adduser | grep -v -- ' -S' | wc -l
    39
    $ git grep adduser | grep -v -- ' -S' | grep -- ' -u' | wc -l
    3

There are 108 invocations of adduser, 39 of them lack -S (system user)
option, but within them 3 provide low UID.
So these 3 could be left intact, but for consistency it would be better
to add -S to all 39 adduser invocations lacking it.

    $ git grep addgroup | wc -l
    106
    $ git grep addgroup | grep -v -- ' -S' | wc -l
    43
    $ git grep addgroup | grep -v -- ' -S' | grep -- ' -g' | wc -l
    1

There are 106 invocations of addgroup, 43 of them lack -S (system
group) option, but within them 1 provides low GID.

I think all these should be fixed, also in community and testing.
And I doubt there will be any opposition.

I may prepare all patches to not burden anyone with this, but question
is whether changes should be split per package, per category, maybe
one big patch would be fine?

Or maybe someone with commits rights prefers to do it herself/himself?

Regards,
Przemek



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20160421091430.0de9dd2e@ncopa-desktop.alpinelinux.org>
In-Reply-To
<154355df497.e6017f8d18572.7702314254654647251@zoho.com> (view parent)
Sender timestamp
1461222870
DKIM signature
missing
Download raw message
7 years ago 
On Wed, 20 Apr 2016 22:30:30 +0200
Przemys*aw Pawe*czyk <przemoc@zoho.com> wrote:

> Hi,
> 
> I noticed some inconsistency with UIDs and GIDs assigned for services.
> It was possible thanks to crony's awful entry in my /etc/passwd:
> 
>     chrony:x:100:1000:Linux User,,,:/var/log/chrony:/sbin/nologin
> 
> It is linux user, but not a human linux user, what is meant here.
> The problem in this particular case is high GID, usually reserved for
> users.

...
 
> There are 106 invocations of addgroup, 43 of them lack -S (system
> group) option, but within them 1 provides low GID.
> 
> I think all these should be fixed, also in community and testing.
> And I doubt there will be any opposition.

I agree. We should fix this.

> I may prepare all patches to not burden anyone with this, but question
> is whether changes should be split per package, per category, maybe
> one big patch would be fine?

In this case i think a single patch would be fine.

Please note that I am currently working on a more portable
useradd/groupadd (see
http://lists.busybox.net/pipermail/busybox/2016-February/083907.html)

We should replace the adduser with useradd and addgroup with groupadd
once that is in place. But I think it may be worth adding the '-S' like
you suggest first. Or maybe even '--system' which should work with the
useradd/groupadd.

> Or maybe someone with commits rights prefers to do it herself/himself?

Please feel free to send a patch. Also, please ping me in IRC once
you've sent it as this patch will need to go in relatively fast as
other updates will cause conflict.

Thanks!

-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)