Re: [gentoo-dev] dynamic groups and users

2019-08-17 Thread Michał Górny
Hi, Jaco. On Thu, 2019-08-01 at 21:04 +0200, Jaco Kroon wrote: > Looking at the new eclasses for acct-user and acct-group. > > These enforce that a group and user id should be set. > > This is not a requirement for enewuser nor enewgroup. > > As a further discrepancy, the user eclass requires >

Re: [gentoo-dev] dynamic groups and users

2019-08-08 Thread Jaco Kroon
Hi Ulrich, > >> I don't see any reason to prohibit having a user/group package for >> root. > > Is creation of (additional) users with UID 0 a good idea from a > security point of view? Maybe it is better to explicitly forbid it? > I believe the current code already prevents re-use of an already

Re: [gentoo-dev] dynamic groups and users

2019-08-08 Thread Ulrich Mueller
> On Wed, 07 Aug 2019, Michał Górny wrote: > On Tue, 2019-08-06 at 13:41 +0200, Jaco Kroon wrote: >> Attaching. It seems for some reason if I inline the patches they don't >> come through. If I mail to myself only it works just fine. > Actually, I think it should be changed the other way a

Re: [gentoo-dev] dynamic groups and users

2019-08-07 Thread Jaco Kroon
Hi Michał, On 2019/08/07 17:48, Michał Górny wrote: > On Tue, 2019-08-06 at 13:41 +0200, Jaco Kroon wrote: >> Hi Guys, >> >> > Attaching. It seems for some reason if I inline the patches they don't >> come through. If I mail to myself only it works just fine. >> > > Actually, I think it should be

Re: [gentoo-dev] dynamic groups and users

2019-08-07 Thread Michał Górny
On Tue, 2019-08-06 at 13:41 +0200, Jaco Kroon wrote: > Hi Guys, > > Attaching. It seems for some reason if I inline the patches they don't > come through. If I mail to myself only it works just fine. > Actually, I think it should be changed the other way around. I don't see any reason to pro

Re: [gentoo-dev] dynamic groups and users

2019-08-06 Thread Jaco Kroon
Hi Guys, Attaching. It seems for some reason if I inline the patches they don't come through. If I mail to myself only it works just fine. Kind Regards, Jaco Kroon

Re: [gentoo-dev] dynamic groups and users

2019-08-04 Thread Jaco Kroon
Hi Michał, On 2019/08/02 19:06, Michał Górny wrote: On Fri, 2019-08-02 at 12:24 -0400, Michael Orlitzky wrote: On 8/2/19 11:58 AM, Michał Górny wrote: Given that overlays won't do proper assignment, the numbers they choose may collide with numbers used in ::gentoo. Forcing explicit assignment

Re: [gentoo-dev] dynamic groups and users

2019-08-02 Thread James Cloos
> "MO" == Michael Orlitzky writes: MO> and set the desired ID to either 999 or a random number like MO> floppym suggested. Remember that there are sites where user uids still start at 500, and even recent installs have to work there, too. Nothing over 499 should be used for system uids. -J

Re: [gentoo-dev] dynamic groups and users

2019-08-02 Thread Michał Górny
On Fri, 2019-08-02 at 12:24 -0400, Michael Orlitzky wrote: > On 8/2/19 11:58 AM, Michał Górny wrote: > > Given that overlays won't do proper assignment, the numbers they choose > > may collide with numbers used in ::gentoo. Forcing explicit assignment > > from dynamic range is cleaner in that rega

Re: [gentoo-dev] dynamic groups and users

2019-08-02 Thread Mike Gilbert
On Thu, Aug 1, 2019 at 4:01 PM Mike Gilbert wrote: > If you're feeling crazy, this will get you a random assignment between > 1 and 999, with the same fallback logic. > > ACCT_GROUP_ID=$(( RANDOM % 998 + 1 )) Correction: this is actually off by one. RANDOM % 999 will give a number between 0 and 9

Re: [gentoo-dev] dynamic groups and users

2019-08-02 Thread Michael Orlitzky
On 8/2/19 11:58 AM, Michał Górny wrote: > > Given that overlays won't do proper assignment, the numbers they choose > may collide with numbers used in ::gentoo. Forcing explicit assignment > from dynamic range is cleaner in that regard. > I think it would be cleanest to leave the hacks in the o

Re: [gentoo-dev] dynamic groups and users

2019-08-02 Thread Michał Górny
On Fri, 2019-08-02 at 11:46 -0400, Michael Orlitzky wrote: > On 8/2/19 5:53 AM, Michał Górny wrote: > > Sure. Please preferably address two of them separately, so we can > > commit the 0 patch first, and -1 when CI is ready. > > > > Maybe I'm just feeling cynical, but what do we gain by adding su

Re: [gentoo-dev] dynamic groups and users

2019-08-02 Thread Michael Orlitzky
On 8/2/19 5:53 AM, Michał Górny wrote: > > Sure. Please preferably address two of them separately, so we can > commit the 0 patch first, and -1 when CI is ready. > Maybe I'm just feeling cynical, but what do we gain by adding support for something that no real package should do? Is it just to av

Re: [gentoo-dev] dynamic groups and users

2019-08-02 Thread Michał Górny
On August 2, 2019 9:14:56 AM UTC, Jaco Kroon wrote: >Thank you Michał, much appreciated. > >I've in the meantime to make progress on my side picked something which > >was not in use in ::gentoo, so I can move forward, but it'd be really >good to have the below feature anyway going forward.

Re: [gentoo-dev] dynamic groups and users

2019-08-02 Thread Jaco Kroon
Thank you Michał, much appreciated. I've in the meantime to make progress on my side picked something which was not in use in ::gentoo, so I can move forward, but it'd be really good to have the below feature anyway going forward. On 2019/08/01 22:47, Michał Górny wrote: On Thu, 2019-08-01 a

Re: [gentoo-dev] dynamic groups and users

2019-08-01 Thread Michał Górny
On Thu, 2019-08-01 at 21:04 +0200, Jaco Kroon wrote: > Hi, > > Looking at the new eclasses for acct-user and acct-group. > > These enforce that a group and user id should be set. > > This is not a requirement for enewuser nor enewgroup. > > As a further discrepancy, the user eclass requires >0

Re: [gentoo-dev] dynamic groups and users

2019-08-01 Thread Jaco Kroon
Hi Mike, From user.eclass:

    146 if [[ ${euid} -gt 0 ]] ; then
    147     if [[ -n $(egetent passwd ${euid}) ]] ; then
    148         [[ -n ${force_uid} ]] && die "${FUNCNAME}: UID ${euid} already taken"
    149         euid="next"
    150     fi
    151 else
    152

Re: [gentoo-dev] dynamic groups and users

2019-08-01 Thread Mike Gilbert
On Thu, Aug 1, 2019 at 3:04 PM Jaco Kroon wrote: > > Hi, > > Looking at the new eclasses for acct-user and acct-group. > > These enforce that a group and user id should be set. > > This is not a requirement for enewuser nor enewgroup. The new eclasses require you to set a fixed id, but they do no