bug#45571: Support stable uids and gids for all accounts

[Danny Milosavljevic]

Hi,

I agree that user ids and group ids should be made stable, even in general.

I, too, have been bitten by this.  (So would everyone else if Guix touched
existing UNIX accounts in general)

The right way to make them stable is for Guix ot default each uid to the hash
of the user name.

That said, we'd want to leave free some range of the integer uids for the usual
suspects (yp, samba) to allocate domain users there.

The place to change is gnu/system/accounts.scm.  It would need to be changed
to do something similar for the "uid" field that it already does for the
"home-directory" field.

According to the source code of "useradd" in the package "shadow", it uses
the following range to use for automatic uid assignment:

Range starts at SYS_UID_MIN (default 1) for system user account uids, and stops
at SYS_UID_MAX (default (UID_MIN - 1)).
 
For non-system user account uids, it starts at UID_MIN (default 1000) and
stops at 60000 (UID_MAX).

See /etc/login.defs for the configured values.

Note that Linux has no problem using 32 bit uids.

If we want to make it possible for Guix to distinguish system from non-system
accounts by having different uid ranges for each, "system?" in the
<user-account> record would need to be moved to the front.
Then, in order to be backward compatible, custom procedures/macros
"make-user-account" and "user-account" would need to be provided with the
parameters in the previous order.

Should not be difficult to do--as always, the main work is in agreeing what
should be done, and in testing it after it's done.  The actual change is like
10 lines of source code.

(An easier workaround would be to make the uid mandatory, with the default
being failure.  But that would be the "punting" solution)

pgpQhdvdFTwaU.pgp
Description: OpenPGP digital signature