bug-coreutils

Re: RFC: change chown *not* to look up numeric user/group names


From: Bob Proulx
Subject: Re: RFC: change chown *not* to look up numeric user/group names
Date: Thu, 19 Oct 2006 11:08:11 -0600
User-agent: Mutt/1.5.9i

Pádraig Brady wrote:
> Jim Meyering wrote:
> > Can anyone present a case for *not* making this change?

This is also controlled by /etc/nsswitch.conf.  A typical
configuration would always search local files first and then search
network configuration after failing to get a local answer.  (In the
case of 'chown 0:0' this typically searches the network after
searching local files.)

For example in file /etc/nsswitch.conf any of the next would be
fairly normal configurations.
  passwd:         compat
Or:
  passwd:         files nis
Or:
  passwd:         files ldap

The only way to trigger the originally reported behavior of doing a
network lookup for 0:0 and causing a boot time problem is if the
system either a) does not have a zero entry in their local /etc/passwd
file or b) if the /etc/nsswitch.conf file is misconfigured to search
the network first as in this (bad) example.
  passwd:         ldap files  # bad override of local with network

I strongly believe that not having a root entry in the local password
file is a wrong configuration.  I strongly believe that configuring a
network override of local files is a wrong configuration.

At boot time when the network is not yet configured the local file
will be searched first, then the network will be attempted but will
fail without delay.  The values of 0:0 will resolve to root:root from
the data in the local file.  The operation will proceed.

After boot with the networking fully configured and a network database
such as ldap or nis configured, the values of 0:0 will also search
the network database.  It must do this because a user name of 0 may be
configured in the network database.  If that is so then the
translation for user name zero must occur.  (However I would also
consider that at the least an insane configuration too.)

Unless you want to make user name 0 uniquely special as compared to
other user names such as user name 1423.  And if so then should user
names below a configurable system threshold designating system users
also be special?  How will this configuration value be configured into
chown?  It suddenly becomes a bigger issue.  Once you make the name 0
special then a lot of other things in that area suddenly also need to
be special too that never needed it before.  I would not go there.

Therefore I don't see how these steps can be avoided.  A script
wishing to be completely local should use 'chown root:root' and the
system should have a root /etc/passwd entry and /etc/nsswitch.conf
should search local files before network databases.

> > Or maybe -- easiest of all -- just don't change anything :-)
> 
> I wouldn't change it.

I also vote not to change it.

Bob
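
The two preconditions the message names (local sources listed before network ones in /etc/nsswitch.conf, and an id 0 entry in the local files) can be audited with a short script. This is an added example, not part of the original post; the function names are hypothetical, the sample files are constructed, and checking the group database alongside passwd goes beyond the passwd lines quoted above.

```shell
#!/bin/sh
# Added example (not from the original post): audit the local-lookup
# preconditions described above. Paths are parameters so sample files can be used.

# Print the first source listed for database $1 in nsswitch file $2.
first_source() {
    awk -v db="$1:" '
        { sub(/#.*/, "") }              # drop trailing comments
        $1 == db { print $2; exit }     # first source after "passwd:" / "group:"
    ' "$2"
}

# Succeed when database $1 consults local files before any network source.
# "compat" also reads the local files, so it counts as local-first.
# A missing line is reported as a failure too.
local_first() {
    case "$(first_source "$1" "$2")" in
        files|compat) return 0 ;;
        *)            return 1 ;;
    esac
}

# Succeed when passwd- or group-format file $1 has an entry whose numeric id (field 3) is 0.
has_id_zero() {
    awk -F: '$3 == "0" { found = 1 } END { exit !found }' "$1"
}

# Run every check: $1 = nsswitch.conf, $2 = passwd file, $3 = group file.
audit() {
    rc=0
    for db in passwd group; do
        local_first "$db" "$1" || { echo "WARN: $db: local files are not searched first in $1"; rc=1; }
    done
    has_id_zero "$2" || { echo "WARN: no uid 0 entry in $2"; rc=1; }
    has_id_zero "$3" || { echo "WARN: no gid 0 entry in $3"; rc=1; }
    return $rc
}

# Constructed sample: the network-first passwd line from the message, with root entries present.
demo=$(mktemp -d)
printf 'passwd: ldap files  # bad override\ngroup: files ldap\n' > "$demo/nsswitch.conf"
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$demo/passwd"
printf 'root:x:0:\n' > "$demo/group"
audit "$demo/nsswitch.conf" "$demo/passwd" "$demo/group" || true
rm -rf "$demo"
```

On a live system the call would be `audit /etc/nsswitch.conf /etc/passwd /etc/group`.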
