bug#36508: GDM files have incorrect owner after temporarily removing ser
From: Mark H Weaver
Subject: bug#36508: GDM files have incorrect owner after temporarily removing service
Date: Sat, 17 Apr 2021 12:28:10 -0400

Hi Maxime,

Maxime Devos <maximedevos@telenet.be> writes:
> On Thu, 2021-04-15 at 14:58 -0400, Mark H Weaver wrote:
>> Maintain historical mappings from user/group names to UIDs/GIDs, perhaps
>> in some file in /etc, where entries are added but *never* automatically
>> removed. When allocating UIDs/GIDs, we would avoid any UIDs/GIDs in the
>> range of those mappings.
>
> This seems rather convoluted to me. Why not reuse /etc/passwd and
> /etc/groups?
> My suggestion:
>
> 1. *never* automatically delete users/groups from /etc/passwd, /etc/groups
> (I thought that was how Guix already worked ...)
> 2. as users and groups appearing in /etc/passwd and /etc/groups, but not
> in the operating system configuration can be confusing, change the comment
> string of these users and groups, to something like
>
> "account removed"
>
> Add a group 'user-graveyard' for (3), and move these 'pseudo-removed' users
> to the 'user-graveyard' group.
> 3. Don't forget to remove graveyard users from all groups (except
> user-graveyard),
> make sure the graveyard users can't log in anymore ... (Perhaps add a rule
> to the SSH and PAM configuration that forbids logging in to graveyard
> accounts, by checking whether the user is in the 'user-graveyard' group?)

I would be okay with this approach as well, although it's not obvious to
me that it's any cleaner than having a separate /etc/previous-uids file,
given items 2 and 3 above.

>> Then, provide a UID/GID garbage collector, to be explicitly run by users
>> if desired, which would scan all filesystems to find the set of UID/GIDs
>> currently referenced, and remove entries from the historical mappings
>> that are no longer needed.
>
> That seems useful for if /etc/passwd and /etc/group are getting full, or
> just for cleaning up. You may want to exclude /gnu/store though, for
> efficiency (-:.

Good point! That's one directory that would clearly be a waste to scan :-)

> And just in case check whether any live processes have the UID/GID.

Sure, sounds good.

Thanks!
Mark
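
A sketch of the opt-in UID/GID garbage collector discussed in this message, added here as an illustration and not code from Guix or from either author. The `{name: id}` history mapping and all function names are hypothetical, since the thread does not fix a file format; skipping `/proc` and `/sys` is likewise an added assumption.

```python
import os
from collections import Counter

# /gnu/store is skipped as suggested in the thread; /proc and /sys are an
# added assumption (virtual filesystems that hold no retired account's files).
DEFAULT_SKIP = ("/gnu/store", "/proc", "/sys")

def file_owners(root, skip=DEFAULT_SKIP):
    """Count filesystem entries under root per owning UID and GID."""
    skip = {os.path.normpath(s) for s in skip}
    uids, gids = Counter(), Counter()

    def record(path):
        try:
            st = os.lstat(path)  # lstat: a symlink counts as itself, not its target
        except OSError:
            return  # vanished or unreadable while scanning
        uids[st.st_uid] += 1
        gids[st.st_gid] += 1

    record(root)
    for dirpath, dirnames, filenames in os.walk(root):  # never follows symlinks
        # Prune in place so os.walk does not descend into skipped trees.
        dirnames[:] = [d for d in dirnames
                       if os.path.normpath(os.path.join(dirpath, d)) not in skip]
        for name in dirnames + filenames:
            record(os.path.join(dirpath, name))
    return uids, gids

def live_ids(proc="/proc"):
    """UIDs and GIDs (including supplementary groups) held by running processes."""
    uids, gids = set(), set()
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "status")) as f:
                for line in f:
                    key, _, rest = line.partition(":")
                    if key == "Uid":
                        uids.update(map(int, rest.split()))
                    elif key in ("Gid", "Groups"):
                        gids.update(map(int, rest.split()))
        except OSError:
            continue  # process exited between listdir and open
    return uids, gids

def collectable(history, files_in_use, procs_in_use):
    """Entries of a {name: id} history whose id no file or process still holds."""
    in_use = set(files_in_use) | set(procs_in_use)
    return {name: i for name, i in history.items() if i not in in_use}
```

Run the scan as root: a directory the scanner cannot read is silently skipped by `os.walk`, which would make an ID that is still referenced there look unused.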