On Do, 11.01.18 10:53, Zbigniew Jędrzejewski-Szmek (zbyszek@xxxxxxxxx) wrote: > > As a very simple example take a docker host that has been upgraded > > with a fresh container on it. The nobody user is going to differ > > between the two which will at a minimum cause confusion, if not actual > > issues to arise. > > This example is very unconvincing. If I have three docker images, one > with Fedora, one with Ubuntu, one with OpenSUSE, I'll have different > nobody user/group combo in each case. So expecting any sort of consistency > is unwarranted already. > > > Sometimes you just need to "bite the bullet" on a change and accept it > > will be painful in the short term for benefit in the longer term. > Yeah, but "biting the bullet" is quite hard in this case. Somebody > elsewhere in the thread raised the case of tarred backups. People expect > to be able to restore files from a backup, always and unconditionally > and without any owner misattribution. That's why we never remove > existing users and setup.rpm does not reuse uids that stopped being > useful 10 years ago. > > I expect that the workaround would have to be carried for quite a > while, let's say two years, 4 releases. Hopefully by that time the > use of the old names will be much rarer, and _then_ actually removing > the workaround will be much easier. At the moment new systems stop > having the old names defined by default, pressure starts on > script/package/external-package to stop using those names. This means > that their usually starts decreasing without anybody forcefully pushing > that. > > I liked the original plan too, but I think there's too many > (legitimate) concerns about breakage to push it through. If this > was about one simple thing you need to check or do, then it'd be different, > but finding all the uses of a user is messy and complicated. I think we should provide a script somewhere (setup.rpm?) that allows folks who want to update their existing systems and update the "nobody" user there to do so in a reasonably safe way. This script would have to be called explicitly by the admin however, acknowledging that they need to make sure first that they don't have files owned by the old nobody/99 user or have them but are OK if they suddenly become owned by "oldnobody" or so... That way, we are safe by default, but people who want the old cruft gone can do so by their own choice and take the risk. Lennart -- Lennart Poettering, Red Hat _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx