Re: F28 System Wide Change: Rename "nobody" user

2018-01-16 Thread Steve Dickson
On 01/15/2018 01:28 PM, Zbigniew Jędrzejewski-Szmek wrote: > On Mon, Jan 15, 2018 at 11:04:32AM -0500, Steve Dickson wrote: >> >> >> On 01/10/2018 05:46 AM, Jan Kurik wrote: >>> = System Wide Change: Rename "nobody" user = >>> https://fedoraproject.org/wiki/Changes/RenameNobodyUser >> A nit...

Re: F28 System Wide Change: Rename "nobody" user

2018-01-15 Thread Nico Kadel-Garcia
On Mon, Jan 15, 2018 at 3:37 PM, Adam Williamson wrote: > On Mon, 2018-01-15 at 10:53 -0500, Steve Dickson wrote: > >> Googling 'linux nobody uid' it appears nobody is a uid used by apps >> that don't want to run as root. In case they got hacked they would >> not have

Re: F28 System Wide Change: Rename "nobody" user

2018-01-15 Thread Stephen John Smoogen
On 15 January 2018 at 15:37, Adam Williamson wrote: > On Mon, 2018-01-15 at 10:53 -0500, Steve Dickson wrote: > >> Googling 'linux nobody uid' it appears nobody is a uid used by apps >> that don't want to run as root. In case they got hacked they would >> not have root

Re: F28 System Wide Change: Rename "nobody" user

2018-01-15 Thread Adam Williamson
On Mon, 2018-01-15 at 10:53 -0500, Steve Dickson wrote: > Googling 'linux nobody uid' it appears nobody is a uid used by apps > that don't want to run as root. In case they got hacked they would > not have root privileges, but with SELinux around I think that > problem has been solved. This

Re: F28 System Wide Change: Rename "nobody" user

2018-01-15 Thread Adam Williamson
On Fri, 2018-01-12 at 16:29 -0500, John Florian wrote: > On Thu, 2018-01-11 at 10:08 -0800, Adam Williamson wrote: > > On Thu, 2018-01-11 at 10:19 -0700, Chris Murphy wrote: > > > "Upgrading the system multiple times through the upgrade process > > > should give a result that is the same as an

Re: F28 System Wide Change: Rename "nobody" user

2018-01-15 Thread Zbigniew Jędrzejewski-Szmek
On Mon, Jan 15, 2018 at 10:53:32AM -0500, Steve Dickson wrote: > Hello, > > In summary: Legacy applications that expect the 99 uid or the > 'nfsnobody' user name will break, but from an NFS protocol > aspect I think we are fine since the same value is going > over the wire. Cool, thanks. > This

Re: F28 System Wide Change: Rename "nobody" user

2018-01-15 Thread Zbigniew Jędrzejewski-Szmek
On Mon, Jan 15, 2018 at 11:04:32AM -0500, Steve Dickson wrote: > > > On 01/10/2018 05:46 AM, Jan Kurik wrote: > > = System Wide Change: Rename "nobody" user = > > https://fedoraproject.org/wiki/Changes/RenameNobodyUser > A nit... The proposed rename looks like: > nobody:x:65534:65534:Kernel

Re: F28 System Wide Change: Rename "nobody" user

2018-01-15 Thread Steve Dickson
On 01/10/2018 05:46 AM, Jan Kurik wrote: > = System Wide Change: Rename "nobody" user = > https://fedoraproject.org/wiki/Changes/RenameNobodyUser A nit... The proposed rename looks like: nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin Now that this is going to be used for NFS,

Re: F28 System Wide Change: Rename "nobody" user

2018-01-15 Thread Steve Dickson
Hello, In summary: Legacy applications that expect the 99 uid or the 'nfsnobody' user name will break, but from an NFS protocol aspect I think we are fine since the same value is going over the wire. This is a Fedora only thing since the user name nfsnobody is not used in other distros. The

Re: F28 System Wide Change: Rename "nobody" user

2018-01-15 Thread Daniel Walsh
On 01/13/2018 10:18 AM, Steve Dickson wrote: On 01/13/2018 08:50 AM, Steve Dickson wrote: So I guess the next question is what the current nobody id (25) is used for and why does it exist? Doing some research on this back in Aug 2001 nfsnobody was added to nfs-utils for the reasons stated in

Re: F28 System Wide Change: Rename "nobody" user

2018-01-13 Thread Steve Dickson
On 01/13/2018 08:50 AM, Steve Dickson wrote: > So I guess the next question is what the current > nobody id (25) is used for and why does it exist? Doing some research on this back in Aug 2001 nfsnobody was added to nfs-utils for the reasons stated in

Re: F28 System Wide Change: Rename "nobody" user

2018-01-13 Thread Steve Dickson
On 01/12/2018 07:32 PM, Louis Lagendijk wrote: > On Fri, 2018-01-12 at 07:20 -0500, Steve Dickson wrote: >> Instead of doing the blow by blow these threads >> always turn into I'm just going to jump to the point. >> >> systemd wants to use uid 65534 and it can't because >> NFS is using it. So

Re: F28 System Wide Change: Rename "nobody" user

2018-01-13 Thread Steve Dickson
On 01/12/2018 05:11 PM, Neal Gompa wrote: >> Side Note: I have a ping out to a SUSE guy to see how they handle this >> but the guy lives on the other side of the earth so I probably >> will not get a response until tomorrow. > I can tell you what that is, as I run (open)SUSE systems. > > SUSE

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Louis Lagendijk
On Fri, 2018-01-12 at 07:20 -0500, Steve Dickson wrote: > Instead of doing the blow by blow these threads > always turn into I'm just going to jump to the point. > > systemd wants to use uid 65534 and it can't because > NFS is using it. So instead of changing systemd needs > they want to change NFS

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Neal Gompa
On Fri, Jan 12, 2018 at 11:19 AM, Steve Dickson wrote: > > > On 01/12/2018 10:57 AM, Daniel Walsh wrote: >> On 01/12/2018 10:41 AM, Steve Dickson wrote: >>> >>> On 01/12/2018 09:47 AM, Lennart Poettering wrote: On Fr, 12.01.18 09:28, Steve Dickson (ste...@redhat.com)

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread John Florian
On Thu, 2018-01-11 at 10:08 -0800, Adam Williamson wrote: > On Thu, 2018-01-11 at 10:19 -0700, Chris Murphy wrote: > > "Upgrading the system multiple times through the upgrade process > > should give a result that is the same as an original install of > > Fedora > > Workstation." > >

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Steve Dickson
On 01/12/2018 10:57 AM, Daniel Walsh wrote: > On 01/12/2018 10:41 AM, Steve Dickson wrote: >> >> On 01/12/2018 09:47 AM, Lennart Poettering wrote: >>> On Fr, 12.01.18 09:28, Steve Dickson (ste...@redhat.com) wrote: >>> > User namespacing is a Linux kernel feature. Its most well-known >

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Lennart Poettering
On Fr, 12.01.18 10:41, Steve Dickson (ste...@redhat.com) wrote: > >>> It's not systemd that came up with reusing 65534 for user > >>> namespacing. It's kernel people: > >>> > >>> $ cat /proc/sys/kernel/overflowuid > >>> 65534 > >> How was that number chosen and why can't be

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Daniel Walsh
On 01/12/2018 10:41 AM, Steve Dickson wrote: On 01/12/2018 09:47 AM, Lennart Poettering wrote: On Fr, 12.01.18 09:28, Steve Dickson (ste...@redhat.com) wrote: User namespacing is a Linux kernel feature. Its most well-known consumers are probably Docker, and maybe flatpak/bubblewrap and LXC.

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Nico Kadel-Garcia
On Fri, Jan 12, 2018 at 9:28 AM, Steve Dickson wrote: > > > On 01/12/2018 07:40 AM, Lennart Poettering wrote: >> On Fr, 12.01.18 07:20, Steve Dickson (ste...@redhat.com) wrote: >> >>> Instead of doing the blow by blow these threads >>> always turn into I'm just going to jump to

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Steve Dickson
On 01/12/2018 09:47 AM, Lennart Poettering wrote: > On Fr, 12.01.18 09:28, Steve Dickson (ste...@redhat.com) wrote: > >>> User namespacing is a Linux kernel feature. Its most well-known >>> consumers are probably Docker, and maybe flatpak/bubblewrap and LXC. >> Well known for how long? > > The

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Lennart Poettering
On Fr, 12.01.18 09:28, Steve Dickson (ste...@redhat.com) wrote: > > User namespacing is a Linux kernel feature. Its most well-known > > consumers are probably Docker, and maybe flatpak/bubblewrap and LXC. > Well known for how long? The commit adding user namespaces to the Linux kernel was in

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Steve Dickson
On 01/12/2018 07:40 AM, Lennart Poettering wrote: > On Fr, 12.01.18 07:20, Steve Dickson (ste...@redhat.com) wrote: > >> Instead of doing the blow by blow these threads >> always turn into I'm just going to jump to the point. >> >> systemd wants to use uid 65534 and it can't because >> NFS is

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Benjamin Coddington
On 12 Jan 2018, at 7:40, Lennart Poettering wrote: > On Fr, 12.01.18 07:20, Steve Dickson (ste...@redhat.com) wrote: > >> Instead of doing the blow by blow these threads >> always turn into I'm just going to jump to the point. >> >> systemd wants to use uid 65534 and it can't because >> NFS is using

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Lennart Poettering
On Fr, 12.01.18 07:20, Steve Dickson (ste...@redhat.com) wrote: > Instead of doing the blow by blow these threads > always turn into I'm just going to jump to the point. > > systemd wants to use uid 65534 and it can't because > NFS is using it. So instead of changing systemd needs > they want to

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Steve Dickson
Instead of doing the blow by blow these threads always turn into I'm just going to jump to the point. systemd wants to use uid 65534 and it can't because NFS is using it. So instead of changing systemd needs they want to change NFS and potentially break all NFS environments. Is or isn't this what we

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Lennart Poettering
On Do, 11.01.18 17:36, R P Herrold (herr...@owlriver.com) wrote: > On Thu, 11 Jan 2018, Lennart Poettering wrote: > > > We are not taking the concept of this user/group away. We are also not > > taking the UID/GID assignment 65534 away, either. All we are doing is > > assigning it a better name

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Lennart Poettering
On Do, 11.01.18 17:44, Chuck Anderson (c...@wpi.edu) wrote: > On Thu, Jan 11, 2018 at 11:24:56PM +0100, Lennart Poettering wrote: > > I hope you are aware that user id 65534 is used by user namespacing > > (i.e. CLONE_NEWUSER) too, and in that context is probably much more > > prominently visible

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Zbigniew Jędrzejewski-Szmek
On Thu, Jan 11, 2018 at 04:45:35PM +0100, Dridi Boukelmoune wrote: > > And also, at some point in the future once this is implemented and the > > new setup has been around for a while, systemd should start emitting a > > warning during boot, to notify people that such setups will stop being > >

Re: F28 System Wide Change: Rename "nobody" user

2018-01-12 Thread Zbigniew Jędrzejewski-Szmek
On Thu, Jan 11, 2018 at 11:31:40AM -0500, Nico Kadel-Garcia wrote: > On Thu, Jan 11, 2018 at 6:57 AM, Zbigniew Jędrzejewski-Szmek > wrote: > > > And also, at some point in the future once this is implemented and the > > new setup has been around for a while, systemd should

Re: F28 System Wide Change: Rename "nobody" user

2018-01-11 Thread Chuck Anderson
On Thu, Jan 11, 2018 at 11:24:56PM +0100, Lennart Poettering wrote: > I hope you are aware that user id 65534 is used by user namespacing > (i.e. CLONE_NEWUSER) too, and in that context is probably much more > prominently visible to users than in the NFS context. The fact that > the user/group is

Re: F28 System Wide Change: Rename "nobody" user

2018-01-11 Thread R P Herrold
On Thu, 11 Jan 2018, Lennart Poettering wrote: > We are not taking the concept of this user/group away. We are also not > taking the UID/GID assignment 65534 away, either. All we are doing is > assigning it a better name and do so unconditionally, independently of > whether nfsutils is installed

Re: F28 System Wide Change: Rename "nobody" user

2018-01-11 Thread Lennart Poettering
On Do, 11.01.18 16:13, Steve Dickson (ste...@redhat.com) wrote: > > This is problematic in a few different ways: > > * 65534:65534 is used by the kernel as the overflow identifier, when > > some UID cannot be represented in the current namespace. This applies > > to both NFS, but probably more

Re: F28 System Wide Change: Rename "nobody" user

2018-01-11 Thread Steve Dickson
On 01/10/2018 11:14 AM, Stephen John Smoogen wrote: > On 10 January 2018 at 08:50, Neal Gompa wrote: >> On Wed, Jan 10, 2018 at 5:46 AM, Jan Kurik wrote: > >>> The new mapping for nobody:nobody would be implemented in two redundant >>> ways: >>> *

Re: F28 System Wide Change: Rename "nobody" user

2018-01-11 Thread Steve Dickson
WOW... Why do you guys keep picking on NFS?? :-) On 01/10/2018 05:46 AM, Jan Kurik wrote: > = System Wide Change: Rename "nobody" user = > https://fedoraproject.org/wiki/Changes/RenameNobodyUser > > Change owner(s): > * Zbigniew Jędrzejewski-Szmek > * Lennart Poettering > > Use "nobody:nobody"

Re: F28 System Wide Change: Rename "nobody" user

2018-01-11 Thread Owen Taylor
On Thu, Jan 11, 2018 at 1:08 PM, Adam Williamson wrote: > On Thu, 2018-01-11 at 10:19 -0700, Chris Murphy wrote: > > On Thu, Jan 11, 2018 at 3:26 AM, James Hogarth > wrote: > > > > > Having upgraded and freshly installed systems so different

Re: F28 System Wide Change: Rename "nobody" user

2018-01-11 Thread Adam Williamson
On Thu, 2018-01-11 at 10:19 -0700, Chris Murphy wrote: > On Thu, Jan 11, 2018 at 3:26 AM, James Hogarth > wrote: > > > Having upgraded and freshly installed systems so different is going to > > be messy with supporting users and in many deployed environments... > > and

Re: F28 System Wide Change: Rename "nobody" user

2018-01-11 Thread Chris Murphy
On Thu, Jan 11, 2018 at 3:26 AM, James Hogarth wrote: > Having upgraded and freshly installed systems so different is going to > be messy with supporting users and in many deployed environments... > and it's not even about F26 and F27 -> F28 but what happens on an F29+ >

Re: F28 System Wide Change: Rename "nobody" user

2018-01-11 Thread Nico Kadel-Garcia
On Thu, Jan 11, 2018 at 6:57 AM, Zbigniew Jędrzejewski-Szmek wrote: > And also, at some point in the future once this is implemented and the > new setup has been around for a while, systemd should start emitting a > warning during boot, to notify people that such setups will

Re: F28 System Wide Change: Rename "nobody" user

2018-01-11 Thread Nico Kadel-Garcia
On Thu, Jan 11, 2018 at 5:53 AM, Zbigniew Jędrzejewski-Szmek wrote: > On Thu, Jan 11, 2018 at 10:26:19AM +, James Hogarth wrote: >> I know this may sound fairly nasty in terms of work required to agree >> a solution but I honestly have a strong dislike to taking this >>

Re: F28 System Wide Change: Rename "nobody" user

2018-01-11 Thread Dridi Boukelmoune
> And also, at some point in the future once this is implemented and the > new setup has been around for a while, systemd should start emitting a > warning during boot, to notify people that such setups will stop being > supported at some future point. But your average user won't see that. For

Re: F28 System Wide Change: Rename "nobody" user

2018-01-11 Thread Zbigniew Jędrzejewski-Szmek
On Thu, Jan 11, 2018 at 12:34:54PM +0100, Lennart Poettering wrote: > On Do, 11.01.18 10:53, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote: > > > > As a very simple example take a docker host that has been upgraded > > > with a fresh container on it. The nobody user is going to differ > >

Re: F28 System Wide Change: Rename "nobody" user

2018-01-11 Thread Lennart Poettering
On Do, 11.01.18 10:53, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote: > > As a very simple example take a docker host that has been upgraded > > with a fresh container on it. The nobody user is going to differ > > between the two which will at a minimum cause confusion, if not actual > >

Re: F28 System Wide Change: Rename "nobody" user

2018-01-11 Thread Zbigniew Jędrzejewski-Szmek
On Thu, Jan 11, 2018 at 10:26:19AM +, James Hogarth wrote: > On 11 January 2018 at 01:41, Zbigniew Jędrzejewski-Szmek > wrote: > > On Wed, Jan 10, 2018 at 10:26:24AM -0500, Nico Kadel-Garcia wrote: > >> On Wed, Jan 10, 2018 at 6:18 AM, Zbigniew Jędrzejewski-Szmek > >>

Re: F28 System Wide Change: Rename "nobody" user

2018-01-11 Thread James Hogarth
On 11 January 2018 at 01:41, Zbigniew Jędrzejewski-Szmek wrote: > On Wed, Jan 10, 2018 at 10:26:24AM -0500, Nico Kadel-Garcia wrote: >> On Wed, Jan 10, 2018 at 6:18 AM, Zbigniew Jędrzejewski-Szmek >> wrote: >> > On Wed, Jan 10, 2018 at 11:56:46AM +0100,

Re: F28 System Wide Change: Rename "nobody" user

2018-01-10 Thread Zbigniew Jędrzejewski-Szmek
On Wed, Jan 10, 2018 at 10:26:24AM -0500, Nico Kadel-Garcia wrote: > On Wed, Jan 10, 2018 at 6:18 AM, Zbigniew Jędrzejewski-Szmek > wrote: > > On Wed, Jan 10, 2018 at 11:56:46AM +0100, Reindl Harald wrote: > >> > >> On 10.01.2018 at 11:46, Jan Kurik wrote: > >> >On existing

Re: F28 System Wide Change: Rename "nobody" user

2018-01-10 Thread Zbigniew Jędrzejewski-Szmek
On Wed, Jan 10, 2018 at 10:21:32AM -0500, Matthew Miller wrote: > On Wed, Jan 10, 2018 at 11:46:13AM +0100, Jan Kurik wrote: > > Use "nobody:nobody" as the names for the kernel overflow UID:GID pair, > > and retire the old "nfsnobody" name and the old "nobody:nogroup" pair > > with 99:99 numbers >

Re: F28 System Wide Change: Rename "nobody" user

2018-01-10 Thread Stephen John Smoogen
On 10 January 2018 at 08:50, Neal Gompa wrote: > On Wed, Jan 10, 2018 at 5:46 AM, Jan Kurik wrote: >> The new mapping for nobody:nobody would be implemented in two redundant ways: >> * as a static allocation in /etc/passwd and /etc/group managed by

Re: F28 System Wide Change: Rename "nobody" user

2018-01-10 Thread Nico Kadel-Garcia
On Wed, Jan 10, 2018 at 6:18 AM, Zbigniew Jędrzejewski-Szmek wrote: > On Wed, Jan 10, 2018 at 11:56:46AM +0100, Reindl Harald wrote: >> >> On 10.01.2018 at 11:46, Jan Kurik wrote: >> >On existing systems, to make upgrades easier: >> >* if nfsnobody was defined, keep it in

Re: F28 System Wide Change: Rename "nobody" user

2018-01-10 Thread Matthew Miller
On Wed, Jan 10, 2018 at 11:46:13AM +0100, Jan Kurik wrote: > Use "nobody:nobody" as the names for the kernel overflow UID:GID pair, > and retire the old "nfsnobody" name and the old "nobody:nogroup" pair > with 99:99 numbers See previous thread on this proposal from two years ago:

Re: F28 System Wide Change: Rename "nobody" user

2018-01-10 Thread Neal Gompa
On Wed, Jan 10, 2018 at 5:46 AM, Jan Kurik wrote: > = System Wide Change: Rename "nobody" user = > https://fedoraproject.org/wiki/Changes/RenameNobodyUser > > Change owner(s): > * Zbigniew Jędrzejewski-Szmek > * Lennart Poettering > > Use "nobody:nobody" as the names for the

Re: F28 System Wide Change: Rename "nobody" user

2018-01-10 Thread Zbigniew Jędrzejewski-Szmek
On Wed, Jan 10, 2018 at 11:56:46AM +0100, Reindl Harald wrote: > > > On 10.01.2018 at 11:46, Jan Kurik wrote: > >On existing systems, to make upgrades easier: > >* if nfsnobody was defined, keep it in /etc/passwd *after* the new > >line for nobody:nobody, so that both the old name and the new