Your message dated Fri, 21 Feb 2025 07:34:43 +0000
with message-id <[email protected]>
and subject line Bug#1067845: fixed in adduser 3.139
has caused the Debian Bug report #1067845,
regarding adduser: Reserving uid/gid from the uid/gid pools
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1067845: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067845
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: adduser
Version: 3.134
Severity: wishlist
Tags: patch
Dear Maintainer,
The UID_POOL (and GID_POOL) files contains UIDs that should be used for given
name. It would be helpful to reserve the UIDs for the future, so that the order
of adding users to the system won't affect the usability of the UIDs/names.
I.e. if a UID is in the pool, it won't be used unless for the specific name in
the pool.
Attached is a patch that accompilshes this. The RESERVE_UID_POOL and
RESERVE_GID_POOL configurations can be used to enable/disable this feature.
This could also be used to solve bug 248500.
Thanks,
Yair.
-- System Information:
Debian Release: 12.5
APT prefers stable-security
APT policy: (990, 'stable-security'), (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.6.20-aufs-1 (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_CPU_OUT_OF_SPEC
Locale: LANG=en_IL.UTF-8, LC_CTYPE=en_IL.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages adduser depends on:
ii passwd 1:4.13+dfsg1-1+b1
adduser recommends no packages.
Versions of packages adduser suggests:
ii cron 3.0pl1-162
ii liblocale-gettext-perl 1.07-5
ii perl 5.36.0-7+deb12u1
ii quota 4.06-1+b2
-- Configuration Files:
/etc/adduser.conf changed [not included]
-- no debconf information
--- a/AdduserCommon.pm
+++ b/AdduserCommon.pm
@@ -132,7 +132,7 @@
if ($type eq "uid") {
($name, $id, $comment, $home, $shell) = split (/:/);
if (!$name || $name !~ /^([_a-zA-Z0-9-]+)$/ ||
- !$id || $id !~ /^(\d+)$/) {
+ !defined($id) || $id !~ /^(\d+)$/) {
warnf gtx("Couldn't parse `%s', line %d.\n"),$pool_file,$.;
next;
}
@@ -145,7 +145,7 @@
} elsif ($type eq "gid") {
($name, $id) = split (/:/);
if (!$name || $name !~ /^([_a-zA-Z0-9-]+)$/ ||
- !$id || $id !~ /^(\d+)$/) {
+ !defined($id) || $id !~ /^(\d+)$/) {
warnf gtx("Couldn't parse `%s', line %d.\n"),$pool_file,$.;
next;
}
@@ -314,6 +314,8 @@
add_extra_groups => 0,
uid_pool => "",
gid_pool => "",
+ reserve_uid_pool => 1,
+ reserve_gid_pool => 1,
);
# Initialize to the set of known variables.
--- a/adduser
+++ b/adduser
@@ -123,6 +123,8 @@
my $perm = undef;
my %uid_pool;
my %gid_pool;
+my %reserved_uid_pool;
+my %reserved_gid_pool;
our @names;
@@ -260,9 +262,15 @@
# read the uid and gid pool
if ($config{"uid_pool"}) {
read_pool ($config{"uid_pool"}, "uid", \%uid_pool);
+ if ($config{"reserve_uid_pool"}) {
+ %reserved_uid_pool = map {$uid_pool{$_}{id} => $_} keys %uid_pool;
+ }
}
if ($config{"gid_pool"}) {
read_pool ($config{"gid_pool"}, "gid", \%gid_pool);
+ if ($config{"reserve_gid_pool"}) {
+ %reserved_gid_pool = map {$gid_pool{$_}{id} => $_} keys %gid_pool;
+ }
}
&checkname($new_name) if defined $new_name;
@@ -1128,7 +1136,7 @@
my $t = $min;
while ($t <= $max) {
- return $t if (!defined(getpwuid($t)));
+ return $t if (!exists($reserved_uid_pool{$t}) and
!defined(getpwuid($t)));
$t++;
}
return -1; # nothing available
@@ -1151,7 +1159,7 @@
my $t = $min;
while ($t <= $max) {
- return $t if (!defined(getgrgid($t)));
+ return $t if (!exists($reserved_gid_pool{$t}) and
!defined(getgrgid($t)));
$t++;
}
return -1; # nothing available
@@ -1175,7 +1183,8 @@
my $t = $min;
while ($t <= $max) {
- return $t if (!defined(getgrgid($t)) && !defined(getpwuid($t)));
+ return $t if (!exists($reserved_uid_pool{$t}) &&
!exists($reserved_gid_pool{$t}) &&
+ !defined(getgrgid($t)) && !defined(getpwuid($t)));
$t++;
}
return -1; # nothing available
--- End Message ---
--- Begin Message ---
Source: adduser
Source-Version: 3.139
Done: Marc Haber <[email protected]>
We believe that the bug you reported is fixed in the latest version of
adduser, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Marc Haber <[email protected]> (supplier of updated adduser
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 20 Feb 2025 22:01:57 +0100
Source: adduser
Architecture: source
Version: 3.139
Distribution: unstable
Urgency: medium
Maintainer: Debian Adduser Developers <[email protected]>
Changed-By: Marc Haber <[email protected]>
Closes: 214546 1037057 1040441 1041279 1041877 1051356 1051644 1056144 1067845
1074567 1082102 1083293 1087703
Changes:
adduser (3.139) unstable; urgency=medium
.
* improve code rubustness regarding Unicode
* adapt default regular expressions to new useradd behavior
* explicitly catch and handle useradd's "invalid user name" exit code
* more documentation regarding PRECIS Framework
* more tests against invalid / unwanted user names
* modernize things
* update German translation of man page.
Thanks to Helge Kreutzmann
* Formatting improvements to manual pages.
Thanks to Helge Kreutzmann (Closes: 1087703)
.
adduser (3.138) experimental; urgency=medium
.
* experimental upload because of so many changes.
* adduser und deluser can now run with -T, and actually do it.
Unfortunately, we had to disable some tests to allow this.
Thanks to Christoph Berg (Closes: #214546)
* apply patch to allow reserve_{uid|gid}_pool.
Thanks to Yair Yarom (Closes: #1067845)
+ only call logger --id $$ if SYS_ADMIN capability is present. This
is related to #1086233. Thanks to Paul Gevers, Peter Colberg,
Simon McVittie, and Chris Hofstaedtler. (Closes: #1074567)
* Fix wrongly parenthesized signal handler message.
Thanks to Tasos Sahanidis <[email protected]>
* add documentation about how to lock and unlock accounts
* adapt adduser to more strict user name checking now enforced by
useradd. This unfortunately meant to disable some more of our tests.
* give --badname to useradd to allow creation of the user
* tweak valid_username tests for new useradd
* disable \ user name test
* disable worst user name test
* lots of more comments, more debugging, more consistency inside
the package and between adduser and deluser.
* put lots of log_info messaes into lower priorities
* stdoutmsglevel is now warn. This allows adduser --system to be completey
silent without having to check whether we run from a maintainer script.
* log level settings now have priority over the deprecated verbose.
* Standards-Version: 4.7.0 (no changes necessary)
.
* Manual pages:
* Work by Helge Kreutzmann:
* Fix various trivial issues in man pages.
Addresses: #1031081
* bulk change: fix wrong capitalization of "modes"
* bulk change: fix wrong interpunction in "modes" lines
* stylistic changes to adduser.8 man page.
* fix inconsistency GID/ID.
* use "digits" instead of "numbers"
* re-word security warning about deluser via sudo.
* Work by Bjarni Ingi Gislason <[email protected]>:
* fix some formatting and text issues in manpages.
(Closes: #1037057)
* add blank lines between .YS and .SY.
* add missing .YS
* add missing whitespace after quotes
* fix wrong usage of .BR and .IR, move to .B and .I.
* fix semantic linebreaks for deprecated options.
* fix missing comma.
* mention users-and-groups.html in adduser.8.
Thanks to Karl O. Pinc (Closes: #1051356)
* various clarifications, re-wording, adaption to
behavior change and new features.
* avoid Debian codename in adduser.8 manpage
* Translations:
* update portuguese program translation.
Thanks to Américo Monteiro (Closes: #1051644)
* Update Portuguese translation of manual pages.
Thanks to Américo Monteiro (Closes: #1056144, #1040441)
* Update Catalan translation. Thanks to Carles Pina i Estany.
* Update dutch program translation.
Thanks to Frans Spiesschaert (Closes: #1041279)
* update durch manual package translation.
Thanks to Frans Spiesschaert (Closes: #1041877)
* new translation for French manual page.
Thanks to Jean-Paul Guillonneau (Closes: #1083293)
* Add new romanian translation for program and man pages.
Thanks to Remus-Gabriel Chelu (Closes: #1082102)
* Update German translation of man page
Thanks to Helge Kreutzmann
Checksums-Sha1:
acbd6cbd43df75954bbff0e27cadf48fe98777dc 1671 adduser_3.139.dsc
6e720e6b9d62ba87710c897a2124b48ffa4abb2d 309572 adduser_3.139.tar.xz
cb1cffd90beb0bd76853140d1f90904efed03cac 5859 adduser_3.139_source.buildinfo
Checksums-Sha256:
64959605a9cb0f2ae3b6c92cd0d36d361046f3dbcc23ae7417b1dfb0f9de820a 1671
adduser_3.139.dsc
e899cb6f5a20677adf4d9669ef83325d6b53b4b4ffa26315ff426d1e395cd1d5 309572
adduser_3.139.tar.xz
f2e73829ad810a1ff0bc2bd1968b839bbdcabada57f8d50fbd322af5fab8c911 5859
adduser_3.139_source.buildinfo
Files:
fcfb8935c6b355c15d972b9a4a5153e0 1671 admin important adduser_3.139.dsc
817c87106edb34056883c9e13cec3c4d 309572 admin important adduser_3.139.tar.xz
7ec3c1a7b0c9af899bab18ec658dc59f 5859 admin important
adduser_3.139_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE6QL5UJ/L0pcuNEbjj3cgEwEyBEIFAme4K7QACgkQj3cgEwEy
BEKeuhAA06FE00gZeGCbi34/+iC6fYER5Ok8oGrvstUcJ0wfLFF+GonSZ1QqH14Q
kur5gAWPnUlteFRCauySUEyB9M9H97XsFTnZnAsAQUlBDu/arL79zbKi2YjnZJsj
00jwxHzYyoLq524NVfZlkEI1yAb3VyD6MTjz8Rb1K3BbQ/cJvo+2Q1eo0oTw54pP
hY/Z3BYVaboznSnjbTeR3bEqGOFLwdRh38fPkQnAbbfuMQtYQEFCGTHjwoRzcSL7
FDXwO5CVoiCE6qBkNp0VrxJXbtu4Qvt6cuhImKbrHKUoCbiEUQooM9ernz8XSvCq
7Rieum8lKFGlNNbFrnPRYG4s7+mT8zsBoWI3TNalf1eLJBz5erlWdPcj3Z5wts3X
mjZ+KnHOXcMVRRmjbb0q/e+eA5C09jX5ESyW211ZcUhu++bX+w5EYYda1UFAUIKV
osWSc1jk8jyzgqzWRWYKKcptEvHxDJ5ZAEJYm47em8nzhOzftg7NPHhIm6sMcqPn
eqvIaOYLrldJJvwM5tLMo/tA2WQOdeemImMyp3lrs8xGpKRFCP0fVUmbRO7WMn3B
KieIOZUMF/N2lnJz/NN/hBnZ3bPwMpRgdzP+L+CvEyib8M49Rhy6tOvXoaoLLbUo
WWwphn+zuGC23J60XEY6n7inlarv07Px1TRTrMFie54kG7e9xSU=
=XEsi
-----END PGP SIGNATURE-----
pgpafxDzdm7Yp.pgp
Description: PGP signature
--- End Message ---
