[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#36508: GDM files have incorrect owner after temporarily removing ser
|
From: |
Maxime Devos |
|
Subject: |
bug#36508: GDM files have incorrect owner after temporarily removing service |
|
Date: |
Fri, 16 Apr 2021 12:42:53 +0200 |
|
User-agent: |
Evolution 3.34.2 |
On Thu, 2021-04-15 at 14:58 -0400, Mark H Weaver wrote:
> Ludovic Courtès <ludo@gnu.org> writes:
>
> > Mark H Weaver <mhw@netris.org> skribis:
> >
> > > Here's one idea: when activating a system, *never* delete users or
> > > groups if files still exist that are owned by those users/groups.
> > > Checking all filesystems would likely be too expensive, but perhaps it
> > > would be sufficient to check certain directories such as /var, /etc, and
> > > possibly the top directory of /home.
And /tmp, /media and /run/user.
> >
> > How would you determine which directories to look at though? What if we
> > miss an important one?
>
> I have another idea:
>
> Maintain historical mappings from user/group names to UIDs/GIDs, perhaps
> in some file in /etc, where entries are added but *never* automatically
> removed. When allocating UIDs/GIDs, we would avoid any UIDs/GIDs in the
> range of those mappings.
This seems rather convoluted to me. Why not reuse /etc/passwd and /etc/groups?
My suggestion:
1. *never* automatically delete users/groups from /etc/passwd, /etc/groups
(I thought that was how Guix already worked ...)
2. as users and groups appearing in /etc/passwd and /etc/groups, but not
in the operating system configuration can be confusing, change the comment
string of these users and groups, to something like
"account removed"
Add a group 'user-graveyard' for (3), and move these 'pseudo-removed' users
to the 'user-graveyard' group.
3. Don't forget to remove graveyard users from all groups (except
user-graveyard),
make sure the graveyard users can't log in anymore ... (Perhaps add a rule to
the SSH and PAM configuration that forbids logging in to graveyard accounts,
by checking whether the user is in the 'user-graveyard' group?)
> Then, provide a UID/GID garbage collector, to be explicitly run by users
> if desired, which would scan all filesystems to find the set of UID/GIDs
> currently referenced, and remove entries from the historical mappings
> that are no longer needed.
That seems useful for if /etc/passwd and /etc/group is getting full, or just for
cleaning up. You may want to exclude /gnu/store though, for efficiency (-:.
And just in case check whether any live processes have the UID/GID.
Suggested command name: "guix user-gc".
Greetings,
Maxime.
signature.asc
Description: This is a digitally signed message part
- bug#36508: GDM files have incorrect owner after temporarily removing service, (continued)
- bug#36508: GDM files have incorrect owner after temporarily removing service, Ludovic Courtès, 2021/04/15
- bug#36508: GDM files have incorrect owner after temporarily removing service, Mark H Weaver, 2021/04/15
- bug#36508: GDM files have incorrect owner after temporarily removing service, Ludovic Courtès, 2021/04/15
- bug#36508: GDM files have incorrect owner after temporarily removing service, Mark H Weaver, 2021/04/15
- bug#36508: GDM files have incorrect owner after temporarily removing service, Ludovic Courtès, 2021/04/16
- bug#36508: GDM files have incorrect owner after temporarily removing service, Mark H Weaver, 2021/04/17
- bug#36508: GDM files have incorrect owner after temporarily removing service, Mark H Weaver, 2021/04/15
- bug#36508: GDM files have incorrect owner after temporarily removing service, Ludovic Courtès, 2021/04/16
- bug#36508: GDM files have incorrect owner after temporarily removing service, Mark H Weaver, 2021/04/15
- bug#36508: GDM files have incorrect owner after temporarily removing service, Mark H Weaver, 2021/04/15
- bug#36508: GDM files have incorrect owner after temporarily removing service,
Maxime Devos <=
- bug#36508: GDM files have incorrect owner after temporarily removing service, Mark H Weaver, 2021/04/17