FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 07-20-2011, 04:07 PM
Miloslav Trmač
 
Default Starting user UIDs at 1000 - please check your packages

Hello all,
Fedora 16 will start user UIDs and GIDs at 1000 instead of 500[1].

Unfortunately some packages need to know the boundary, and usually
hard-code it. I have checked the most common packages[2], but I can't
check all 10 thousand packages, and I your help with this.

Please check the packages you own:
* (rpmbuild -bp) your packages
* grep the source code for /<500>/
* Check the results for code that compares UID or GID values to 500.
It may be useful to filter out the following common false positives:
- _XOPEN_SOURCE
- .po and .pot files
- g_timeout_add, gobject.timeout_add, /.*sleep *(500/

Of course you can skip packages that you know very well; but please
check packages if you are the tiniest bit unsure - the hard-coded
value appears in surprising places (e.g. httpd).

If you find code that hard-codes the UID or GID boundary:
- Add code that parses /etc/login.defs for the actual value of the
boundary (UID_MIN, GID_MIN). [3] contains Python code to do this.
- Keep the existing hard-coded boundary as a fallback for cases where
/etc/login.defs doesn't exist.

I'll be happy to help with the porting or to answer any questions -
just send me an e-mail.

Thank you,
Mirek


[1] https://fedoraproject.org/wiki/Features/1000SystemAccounts
[2] Those that can be installed by choosing all package groups
("Graphical Desktop", "Software Development", "Web Server") in
anaconda without enabling comps groups or packages individually.
[3] https://bugzilla.redhat.com/attachment.cgi?id=510191
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 07-20-2011, 04:15 PM
Benjamin Lewis
 
Default Starting user UIDs at 1000 - please check your packages

On 07/20/2011 04:07 PM, Miloslav Trmač wrote:
> Hello all,
> Fedora 16 will start user UIDs and GIDs at 1000 instead of 500[1].
>
> Unfortunately some packages need to know the boundary, and usually
> hard-code it. I have checked the most common packages[2], but I can't
> check all 10 thousand packages, and I your help with this.

Out of curiosity, how does this affect existing systems which have human
UIDs of 500, 501, etc..?

Do they suddenly become system UIDs or is login.defs left alone then
(and consequently no change happens)?


--
Benjamin Lewis

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 07-20-2011, 04:18 PM
Miloslav Trmač
 
Default Starting user UIDs at 1000 - please check your packages

On Wed, Jul 20, 2011 at 6:15 PM, Benjamin Lewis <ben.lewis@benl.co.uk> wrote:
> On 07/20/2011 04:07 PM, Miloslav Trmač wrote:
>> Hello all,
>> Fedora 16 will start user UIDs and GIDs at 1000 instead of 500[1].
>>
>> Unfortunately some packages need to know the boundary, and usually
>> hard-code it. *I have checked the most common packages[2], but I can't
>> check all 10 thousand packages, and I your help with this.
>
> Out of curiosity, how does this affect existing systems which have human
> UIDs of 500, 501, etc..?
>
> Do they suddenly become system UIDs or is login.defs left alone then
> (and consequently no change happens)?

login.defs is %config(noreplace), so nothing is changed for existing systems.
Mirek
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 07-20-2011, 04:24 PM
Ric Wheeler
 
Default Starting user UIDs at 1000 - please check your packages

On 07/20/2011 12:18 PM, Miloslav Trmač wrote:
> On Wed, Jul 20, 2011 at 6:15 PM, Benjamin Lewis<ben.lewis@benl.co.uk> wrote:
>> On 07/20/2011 04:07 PM, Miloslav Trmač wrote:
>>> Hello all,
>>> Fedora 16 will start user UIDs and GIDs at 1000 instead of 500[1].
>>>
>>> Unfortunately some packages need to know the boundary, and usually
>>> hard-code it. I have checked the most common packages[2], but I can't
>>> check all 10 thousand packages, and I your help with this.
>> Out of curiosity, how does this affect existing systems which have human
>> UIDs of 500, 501, etc..?
>>
>> Do they suddenly become system UIDs or is login.defs left alone then
>> (and consequently no change happens)?
> login.defs is %config(noreplace), so nothing is changed for existing systems.
> Mirek

I normally build systems with (at least!) a separate /boot, / and /home. This
lets me do a full install, blow away old fedora system partitions and not lose
any user data.

Since that puts down a pristine F16 image, does that mean we need to chown all
of the user files that survive in a separate partition?

Thanks!

Ric

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 07-20-2011, 04:28 PM
Miloslav Trmač
 
Default Starting user UIDs at 1000 - please check your packages

On Wed, Jul 20, 2011 at 6:24 PM, Ric Wheeler <rwheeler@redhat.com> wrote:
> I normally build systems with (at least!) a separate /boot, / and /home.
> This lets me do a full install, blow away old fedora system partitions and
> not lose any user data.
>
> Since that puts down a pristine F16 image, does that mean we need to chown
> all of the user files that survive in a separate partition?
Either chown the files, or create a kickstart file that puts
/etc/login.defs in place in a %pre script. chown is probably much
simpler unless you have many systems to manage.
Mirek
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 07-20-2011, 04:29 PM
Ric Wheeler
 
Default Starting user UIDs at 1000 - please check your packages

On 07/20/2011 12:28 PM, Miloslav Trmač wrote:
> On Wed, Jul 20, 2011 at 6:24 PM, Ric Wheeler<rwheeler@redhat.com> wrote:
>> I normally build systems with (at least!) a separate /boot, / and /home.
>> This lets me do a full install, blow away old fedora system partitions and
>> not lose any user data.
>>
>> Since that puts down a pristine F16 image, does that mean we need to chown
>> all of the user files that survive in a separate partition?
> Either chown the files, or create a kickstart file that puts
> /etc/login.defs in place in a %pre script. chown is probably much
> simpler unless you have many systems to manage.
> Mirek

Makes sense...

We should also note that this might be a common need for users who have SAN
attached storage (and that could be large, multi-user systems).

Regards,

Ric

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 

Thread Tools




All times are GMT. The time now is 07:09 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org