Re: F28 System Wide Change: Rename "nobody" user

On Wed, Jan 10, 2018 at 10:26:24AM -0500, Nico Kadel-Garcia wrote:
> On Wed, Jan 10, 2018 at 6:18 AM, Zbigniew Jędrzejewski-Szmek
> <zbyszek@xxxxxxxxx> wrote:
> > On Wed, Jan 10, 2018 at 11:56:46AM +0100, Reindl Harald wrote:
> >>
> >> Am 10.01.2018 um 11:46 schrieb Jan Kurik:
> >> >On existing systems, to make upgrades easier:
> >> >* if nfsnobody was defined, keep it in /etc/passwd *after* the new
> >> >line for nobody:nobody, so that both the old name and the new name map
> >> >to the same numbers
> >> >* if nobody user or group with number 99 was defined, keep it in
> >> >/etc/passwd and /etc/group, but rename to _nobody
> >> that doesn't make updates easier but breaks existing setups where
> >> nobody:nobody with 99:99 already owns files - don't touch long years
> >> running machines due to dist-upgrades please - at least not with "dnf
> >> --releasever=28 distro-sync"
> >
> > That'd amount to leaving existing systems unchanged. That's an option
> > that I didn't like and initially rejected, but yeah, it's probably better.
> > I'll wait a bit more for feedback and update the proposal a bit later
> > to leave existing systems alone (i.e. systems which have either nobody
> > or nfsnobody already defined in the old style).
> >
> > Zbyszek
> 
> This is particularly relevant for rsync or tar restorations from old
> backups, and to NFS shares exposed across old and new environments.
> It's why changing active uid and gid for any account can be
> perniciously awkward.

Based on this and other feedback, we updated the proposal.
We discussed all the ways in which we could try to reliably determine
if "nobody" is actually used, but that seems impossible. So the updated
version is:

1. update setup.rpm to nobody=65534 on new systems
2. teach systemd to not provide any mapping for nobody (in PID1 and in
   nss-systemd) based on a flag file, and create this file in %post if
   either nobody=99 or nfsnobody users are defined.

This essentially means that existing systems would behave as before,
and new systems will have just one nobody user with uid=65534.

See https://fedoraproject.org/wiki/Changes/RenameNobodyUser for a more
detailed description.

Zbyszek
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
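
The check described in step 2 of the message above, as an added example that is not part of the original message and is not Fedora's actual %post scriptlet. The function names are hypothetical, the flag path is a caller-supplied placeholder because the message does not give the real one, and the passwd lines are constructed sample data.

```shell
#!/bin/sh
# Added example, not Fedora's scriptlet. Classifies a passwd-format file:
#   legacy - a nobody user with uid 99 or an nfsnobody user is defined
#   new    - nobody is defined only with uid 65534
#   other  - neither applies (e.g. no nobody entry at all)
nobody_layout() {
    awk -F: '
        $1 == "nobody" && $3 == 99    { legacy = 1 }
        $1 == "nfsnobody"             { legacy = 1 }
        $1 == "nobody" && $3 == 65534 { modern = 1 }
        END {
            if (legacy)      print "legacy"
            else if (modern) print "new"
            else             print "other"
        }
    ' "${1:-/etc/passwd}"
}

# Create the flag file only on a legacy layout, as step 2 describes.
# $1 = passwd file, $2 = flag path (hypothetical; the real path is not
# given in the message). Returns 0 if the flag was created, 1 otherwise.
mark_if_legacy() {
    [ "$(nobody_layout "$1")" = "legacy" ] || return 1
    : > "$2"
}

# Constructed sample data: an old-style system and a fresh install.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'nobody:x:99:99:Nobody:/:/sbin/nologin' \
        'nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin' \
        > "$dir/passwd.old"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin' \
        > "$dir/passwd.new"
    for f in passwd.old passwd.new; do
        if mark_if_legacy "$dir/$f" "$dir/$f.flag"; then
            echo "$f: $(nobody_layout "$dir/$f"), flag file created"
        else
            echo "$f: $(nobody_layout "$dir/$f"), no flag file"
        fi
    done
    rm -rf "$dir"
}
demo
```

Running `nobody_layout` with no argument reads the host's own /etc/passwd, which shows which of the two behaviours an upgraded machine would keep.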