[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#36508: GDM files have incorrect owner after temporarily removing ser
|
From: |
Ludovic Courtès |
|
Subject: |
bug#36508: GDM files have incorrect owner after temporarily removing service |
|
Date: |
Wed, 14 Apr 2021 12:32:48 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hi Mark,
Mark H Weaver <mhw@netris.org> skribis:
> Brendan Tildesley via Bug reports for GNU Guix <bug-guix@gnu.org>
> writes:
>
>> I recently encountered what is likely the same bug. The directory
>> /var/lib/gdm
>> had the correct permissions gdm:gdm, but all the files inside had something
>> like
>> 973:gdm
>
> The underlying problem here, which I've also experienced, is that if you
> reconfigure your system with fewer users/groups, and then later add
> those users/groups back, there is no guarantee that they will be
> assigned the same UIDs and GIDs.
Yes.
The patch Brendan posted LGTM (though I’m surprised the directory itself
can have the right UID/GID while files inside it don’t; perhaps this was
made possible by 2161820ebbbab62a5ce76c9101ebaec54dc61586, which chowns
the home directory unconditionally.)
Note that there are other places, in addition to GDM, where we
forcefully reset the UID/GID of the home directory (e.g., for the
‘knot-resolver’ service.)
My preferred solution to this would be to unconditionally chown -R home
directories upon activation (for efficiency, it would be best if we
could do that if and only if the home directory itself has wrong
ownership). Thoughts?
systemd-homed does something like that. The intuition here is that
UIDs/GIDs are implementation details that should get out of the way.
> There's some discussion of this issue at <https://bugs.gnu.org/44944>,
> although I'm not sure that Danny's suggested solution is practical.
>
> Here's one idea: when activating a system, *never* delete users or
> groups if files still exist that are owned by those users/groups.
> Checking all filesystems would likely be too expensive, but perhaps it
> would be sufficient to check certain directories such as /var, /etc, and
> possibly the top directory of /home.
How would you determine which directories to look at though? What if we
miss an important one?
Note that the ID allocation strategy in (gnu build accounts) ensures
UIDs/GIDs aren’t reused right away (same strategy as implemented by
Shadow, etc.). So if you remove “bob”, then add “alice”, “alice” won’t
be able to access the left-behind /home/bob because it has a different
UID.
Ludo’.
- bug#36508: GDM files have incorrect owner after temporarily removing service, Brendan Tildesley, 2021/04/13
- bug#36508: GDM files have incorrect owner after temporarily removing service, Mark H Weaver, 2021/04/13
- bug#36508: GDM files have incorrect owner after temporarily removing service, Brendan Tildesley, 2021/04/14
- bug#36508: GDM files have incorrect owner after temporarily removing service,
Ludovic Courtès <=
- bug#36508: GDM files have incorrect owner after temporarily removing service, Mark H Weaver, 2021/04/15
- bug#36508: GDM files have incorrect owner after temporarily removing service, Ludovic Courtès, 2021/04/15
- bug#36508: GDM files have incorrect owner after temporarily removing service, Mark H Weaver, 2021/04/15
- bug#36508: GDM files have incorrect owner after temporarily removing service, Ludovic Courtès, 2021/04/16
- bug#36508: GDM files have incorrect owner after temporarily removing service, Mark H Weaver, 2021/04/17
- bug#36508: GDM files have incorrect owner after temporarily removing service, Mark H Weaver, 2021/04/15
- bug#36508: GDM files have incorrect owner after temporarily removing service, Ludovic Courtès, 2021/04/16
- bug#36508: GDM files have incorrect owner after temporarily removing service, Mark H Weaver, 2021/04/15