[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    Re: [gentoo-dev] A policy to support random superuser account names
From:       Alec Warner <antarus () gentoo ! org>
Date:       2010-04-30 19:36:39
Message-ID: z2nb41005391004301236p6cfc9a2cqacbbffed147b965d () mail ! gmail ! com
[Download RAW message or body]

On Fri, Apr 30, 2010 at 11:07 AM, Michał Górny <gentoo@mgorny.alt.pl> wrote:
> Hello,
>
> I would like to put an emphasis on the fact that many eclasses
> and ebuilds in gx86 are relying on an assumption that the superuser
> account is always supposed to be named 'root'.
>
> In fact, no such constraint exists. Although most users will never even
> think of changing the superuser account name, it is perfectly legit
> to do so, and to use any name for that account. Moreover, it is
> perfectly legit to name an unprivileged user 'root' too.

Whether it is legitimate or not is irrelevant.  Users can chose to do
all sorts of legitimate but in the end utterly retarded things to
their systems and developers chose whether or not to support them.
gcc flags are a common case here (I can legitimately set a number of
flags; but most developers ignore reports with odd flags.)

>
> Thus, the above assumption is clearly incorrect and may result in many
> issues with ebuilds using it. These range from builds failing because
> of chown 'invalid user' error to packages being installed with
> incorrect file ownership.

I'd say the assumption is correct in 95% of cases; so it remains a useful one.

>
> From what I've heard already, similar problem has hit Gentoo/*BSD users
> already, with superuser group not being named 'root'. Although some
> files were fixed to properly use numeric GID in the specific case,
> no UID-related changes were done.
>
> Moreover, not all developers agree with the case being an issue,
> and they even refuse patches clearly fixing it [1]. Thus, I guess that
> a clear policy regarding referencing the superuser account should be
> enforced.

Users do a number of utterly ridiculous things to their system and
developers are free to reject bug reports for any number of reasons
(this being one of them.)

>
> In my opinion, that policy should clearly indicate that the numeric
> UID/GID should be always used for referencing the superuser account
> as they are fixed unlike the names.

Except as stated they are not fixed (as Fabian pointed out).  I'm
happy to support something like setting ROOT_UID and ROOT_GID in
gentoo-x86 profiles and using those.  Then if you want to do something
utterly ridiculous to your system you can just set the appropriate
variables.

This will likely take a GLEP though; plus it is a major change to a
lot of software we have; are you willing to make said changes?  Making
a proposal like this is all well and good but you are asking for a lot
of work to be done for what is essentially very little gain for users.

-A

>
> [1] http://bugs.gentoo.org/show_bug.cgi?id=315779
>
> --
> Best regards,
> Michał Górny
>
> <http://mgorny.alt.pl>
> <xmpp:mgorny@jabber.ru>
>


[prev in list] [next in list] [prev in thread] [next in thread]