From nobody Thu Mar 28 15:26:20 2024 X-Original-To: alpine-devel@mail.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from mail.alpinelinux.org (dallas-a1.alpinelinux.org [127.0.0.1]) by mail.alpinelinux.org (Postfix) with ESMTP id 0C7ABDCE5FE for ; Wed, 20 Apr 2016 20:30:34 +0000 (UTC) Received: from sender153-mail.zoho.com (sender153-mail.zoho.com [74.201.84.153]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id 23775DC9D2B for ; Wed, 20 Apr 2016 20:30:33 +0000 (UTC) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=zapps768; d=zoho.com; h=date:from:to:message-id:subject:mime-version:content-type:user-agent; b=DBcdN5MSxaSo9U+mTlV3iuXm0haB0c0baPqqeiP80dCaP14ZDyWIQdI2via3GKQ2sGQ4IehEJO4p V+w1MFe2NC+p4eIhxp5lmdWF3lN1WAHEGrz4kkTrT44f2lR3VwJv Received: from mail.zoho.com by mx.zohomail.com with SMTP id 1461184230606976.074069267786; Wed, 20 Apr 2016 13:30:30 -0700 (PDT) Received: from [89.74.38.183] by mail.zoho.com with HTTP;Wed, 20 Apr 2016 13:30:30 -0700 (PDT) Date: Wed, 20 Apr 2016 22:30:30 +0200 From: =?UTF-8?Q?Przemys=C5=82aw_Pawe=C5=82czyk?= To: "alpine-devel" Message-ID: <154355df497.e6017f8d18572.7702314254654647251@zoho.com> Subject: [alpine-devel] UID+GID inconsistency for installed services X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Priority: Medium User-Agent: Zoho Mail X-Mailer: Zoho Mail X-Virus-Scanned: ClamAV using ClamSMTP Hi, I noticed some inconsistency with UIDs and GIDs assigned for services. It was possible thanks to crony's awful entry in my /etc/passwd: chrony:x:100:1000:Linux User,,,:/var/log/chrony:/sbin/nologin It is linux user, but not a human linux user, what is meant here. The problem in this particular case is high GID, usually reserved for users. Looking at main alone in aports we have following situation right now. $ git grep adduser | wc -l 108 $ git grep adduser | grep -v -- ' -S' | wc -l 39 $ git grep adduser | grep -v -- ' -S' | grep -- ' -u' | wc -l 3 There are 108 invocations of adduser, 39 of them lack -S (system user) option, but within them 3 provide low UID. So these 3 could be left intact, but for consistency it would be better to add -S to all 39 adduser invocations lacking it. $ git grep addgroup | wc -l 106 $ git grep addgroup | grep -v -- ' -S' | wc -l 43 $ git grep addgroup | grep -v -- ' -S' | grep -- ' -g' | wc -l 1 There are 106 invocations of addgroup, 43 of them lack -S (system group) option, but within them 1 provides low GID. I think all these should be fixed, also in community and testing. And I doubt there will be any opposition. I may prepare all patches to not burden anyone with this, but question is whether changes should be split per package, per category, maybe one big patch would be fine? Or maybe someone with commits rights prefers to do it herself/himself? Regards, Przemek --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org --- From nobody Thu Mar 28 15:26:20 2024 X-Original-To: alpine-devel@mail.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from mail.alpinelinux.org (dallas-a1.alpinelinux.org [127.0.0.1]) by mail.alpinelinux.org (Postfix) with ESMTP id 3840EDC0933 for ; Thu, 21 Apr 2016 07:14:38 +0000 (UTC) Received: from newmail.tetrasec.net (unknown [74.117.189.117]) by mail.alpinelinux.org (Postfix) with ESMTP id 161A6DC0330 for ; Thu, 21 Apr 2016 07:14:38 +0000 (UTC) Received: from ncopa-desktop.alpinelinux.org (229.63.200.37.customer.cdi.no [37.200.63.229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: n@tanael.org) by newmail.tetrasec.net (Postfix) with ESMTPSA id 1963E5A12F8; Thu, 21 Apr 2016 07:14:36 +0000 (GMT) Date: Thu, 21 Apr 2016 09:14:30 +0200 From: Natanael Copa To: =?ISO-8859-1?B?UHJ6ZW15cyphdyBQYXdlKmN6eWs=?= Cc: "alpine-devel" Subject: Re: [alpine-devel] UID+GID inconsistency for installed services Message-ID: <20160421091430.0de9dd2e@ncopa-desktop.alpinelinux.org> In-Reply-To: <154355df497.e6017f8d18572.7702314254654647251@zoho.com> References: <154355df497.e6017f8d18572.7702314254654647251@zoho.com> X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.28; x86_64-alpine-linux-musl) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Scanned: ClamAV using ClamSMTP On Wed, 20 Apr 2016 22:30:30 +0200 Przemys*aw Pawe*czyk wrote: > Hi, >=20 > I noticed some inconsistency with UIDs and GIDs assigned for services. > It was possible thanks to crony's awful entry in my /etc/passwd: >=20 > chrony:x:100:1000:Linux User,,,:/var/log/chrony:/sbin/nologin >=20 > It is linux user, but not a human linux user, what is meant here. > The problem in this particular case is high GID, usually reserved for > users. ... =20 > There are 106 invocations of addgroup, 43 of them lack -S (system > group) option, but within them 1 provides low GID. >=20 > I think all these should be fixed, also in community and testing. > And I doubt there will be any opposition. I agree. We should fix this. > I may prepare all patches to not burden anyone with this, but question > is whether changes should be split per package, per category, maybe > one big patch would be fine? In this case i think a single patch would be fine. Please note that I am currently working on a more portable useradd/groupadd (see http://lists.busybox.net/pipermail/busybox/2016-February/083907.html) We should replace the adduser with useradd and addgroup with groupadd once that is in place. But I think it may be worth adding the '-S' like you suggest first. Or maybe even '--system' which should work with the useradd/groupadd. > Or maybe someone with commits rights prefers to do it herself/himself? Please feel free to send a patch. Also, please ping me in IRC once you've sent it as this patch will need to go in relatively fast as other updates will cause conflict. Thanks! -nc --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---