On Fri, Mar 07, 2025 at 10:38:54AM +0100, Mattias Ellert wrote:
I would like to request static gid/uid allocation for the xrootd
server.
The need for a fixed uid was raised by upstream in an issue on the
xrootd github repository:
https://github.com/xrootd/xrootd/issues/2433#issuecomment-2701010275
"Is it possible to also request a fixed, assigned UID for the xrootd
user on those platforms as there is for condor?
Just this week we hit an issue where the system UID for xrootd did not
match the container UID for xrootd, causing failures in having xrootd
access SMB/CIFS-based filesystems (this is because the kernel invokes
cifs-upcall in the system namespace while the access occurred from the
container)."
I might be tentatively OK with this from the base-passwd point of view,
although it's not really ideal. In this case, the restriction doesn't
appear to be that the ID has to be the same across different systems; it
just has to be the same between host and container on a given system.
I'm not sure if it's ever possible for the host and the container to be
of different distributions, for example, but it would be a problem if
they were. So assigning a static ID seems to be at the same time too
much and not enough.
How is the container created in this case? Would it perhaps be possible
to inject something into it that fixes the xrootd user's ID based on
that in use on the host?
--
Colin Watson (he/him) [[email protected]]
_______________________________________________
Pkg-shadow-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel
