Re: F28 System Wide Change: Rename "nobody" user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Do, 11.01.18 17:44, Chuck Anderson (cra@xxxxxxx) wrote:

> On Thu, Jan 11, 2018 at 11:24:56PM +0100, Lennart Poettering wrote:
> > I hope you are aware that user id 65534 is used by user namespacing
> > (i.e. CLONE_NEWUSER) too, and in that context is probably much more
> > prominently visible to users than in the NFS context. The fact that
> > the user/group is called "nfsnobody" is quite misleading if most users
> > see it only in the user namespacing context which has zero
> > relationship to NFS.
> 
> Is there any security implication of re-using 65534 for user
> namespacing, since NFS was using it before?  Why not assign a new uid
> for user namespacing?

Too late for that, you should have brought that up years ago when
userns was first proposed for inclusion in the Linux kernel.

Also, semantically what NFS does with this and what userns does with
this is actually pretty much the same: it's the UID where unmappable
other UIDs are mapped to.

Lennart

-- 
Lennart Poettering, Red Hat
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux