On 6/9/2019 7:39 AM, Michał Górny wrote:
> +Specification
> +=============
> +
> +Policy
> +------
> +
> +Following the acceptance of this GLEP, all new users and groups must
> +be created via user/group packages as defined in this GLEP.  The old
> +method may still be used for existing users/groups, in existing
> +packages.
> +
> +All new users and groups must have unique UIDs/GIDs assigned
> +by developers.  The developer adding them is responsible for checking
> +for collisions.

What significance will such numbers have when a daemon uses a new
UID/GID and really doesn't care what it is?  Why do we have to go
through the effort of assigning fixed IDs at random?

> +
> +Before adding a new user and/or group, the developer must send a RFC
> +to the ``gentoo-dev`` mailing list.

This paragraph should go away.  It is a complete waste of time.

> +
> +
> +Logical structure
> +-----------------
> +
> +In this proposal, system users and groups are represented by regular
> +packages.  Those packages logically represent the ownership of
> +the respective users and group, and technically implement their
> +creation.
> +
> +User packages are placed in ``acct-user`` category.  Each user package
> +defines the properties of the particular user, and must be named after
> +the user it creates.  It must depend at build and run time on the groups
> +the user belongs to.
> +
> +Group packages are placed in ``acct-group`` category.  Each group
> +package defines the properties of the particular group, and must be
> +named after the group it creates.
> +
> +All user and group packages must define preferred fixed UIDs/GIDs,
> +and they must be unique within the repository.  The packages should
> +indicate whether the value needs to be strictly enforced, or whether
> +another UID/GID is acceptable when the user exists already or requested
> +UID/GID is taken.
> +
> +Packages needing a specific user or group use dependencies to pull
> +the required user/group packages.  If the user is needed at build time,
> +a build time dependency (``DEPEND``) must be used.  If the user is
> +needed at install and/or run time, a run time dependency (``RDEPEND``)
> +must be used.

Sounds like extra upgrade dependency time in an already crowded
resolution tree.

> +
> +Rationale
> +=========
> +
> +Requiring mailing list RFC
> +--------------------------
> +
> +The policy explicitly requires RFC-es for new users and groups, as they
> +have global scopes and effects of mistakes while adding them are hard
> +to fix.  Wider review should decrease the risk of major design mistakes.
> +
> +To provide one example, right now we have two different packages
> +creating ``git`` user and requiring a different home directory for
> +the user.  As a result, the first package being installed defines
> +the actual home directory, and both technically can not be installed
> +at the same time.

This section should go away.  It is a complete waste of time.

> +
> +
> +Satisfied goals
> +---------------
> +
> +Tracking of user/group usage is done through dependencies.  As long
> +as any installed package depends on a specific user/group package,
> +the respective user/group is assumed to be used.  If no package
> +requiring the specific user/group is left, the package manager
> +automatically prunes the package clearly indicating it is no longer
> +used.

You cannot know when a name is "no longer used".  An administrator could
have adopted a username for other purposes.

> +
> +Each user and group has a single respective package creating it.
> +If multiple packages need it, they depend on the same package.  This
> +ensures that all properties are kept in a single location, and do not
> +need to be synced.
> +
> +Having a single location with all predefined user/group ranges makes it
> +possible to maintain fixed UID/GID definitions.  This GLEP makes
> +allocating them obligatory.  While this isn't enforced for existing
> +users, it provides a way forward for new installations.
> +
> +Local overrides can be trivially implemented via local repository,
> +through overriding the respective user/group ebuilds.  The proposal also
> +respects direct sysadmin modifications.
> +
> +Avoiding unnecessary user/group creation at build time is implemented
> +via correct dependency types.  While this was possible with the status
> +quo, the dependency model should be more natural to developers and cause
> +less mistakes.
> +
> +

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to