
#1 2015-01-06 14:17:31

CReimer
Member
Registered: 2012-09-06
Posts: 6

Reserve UID/GID for unofficial packages

Hi,

I'm working on an unofficial repository for VDR on Arch Linux called VDR4Arch.

VDR runs as user 'vdr' and needs write access to /var/lib/vdr. There are also several plugins for vdr which add files to /var/lib/vdr.

The install script of the package 'vdr' adds a group 'vdr' and a user 'vdr' with the IDs 666 (I don't remember why I used 666).
If a plugin adds files to /var/lib/vdr, the install script changes the owner and group to vdr:vdr.

I did this to stop namcap from complaining. And this worked since the release of pacman 4.2.
Namcap is happy but now pacman complains about the different directory ownership between the package (root:root) and the filesystem (vdr:vdr)

Official packages like 'mpd' set gid and uid in the PKGBUILD and therefore seem to ignore namcap's warning.
For official packages there's also a list to reserve uid and gid

But unfortunately VDR4Arch is not an official project. How can I make sure no one else uses 666 as UID and GID?


I hope everything is understandable. As you may have noticed I'm not a native English speaker.

Thanks in advance

Christopher


#2 2015-01-06 15:20:21

fsckd
Forum Fellow
Registered: 2009-06-15
Posts: 4,173

Re: Reserve UID/GID for unofficial packages

In one of my packages, I don't specify a particular numerical UID or GID. Instead I let useradd and groupadd pick the numbers. (Hint: Read about the --system flag for those commands.)



#3 2015-01-06 17:31:30

CReimer
Member
Registered: 2012-09-06
Posts: 6

Re: Reserve UID/GID for unofficial packages

Yes. This may be possible for a single package.
But in my case there are several packages which need the exact same user. The vdr program itself and a lot of plugins for vdr.

As stated above I only know of two methods to handle this.
Either set the file permissions in the install script (How I do it right now) or set a fixed gid/uid in the PKGBUILD (How it's done in several Arch packages).

I'd like to know how a Trusted User or Arch Developer would handle this.


#4 2015-01-06 18:05:41

fsckd
Forum Fellow
Registered: 2009-06-15
Posts: 4,173

Re: Reserve UID/GID for unofficial packages

I do not know VDR. Can you explain why those packages need the numerical IDs? Can they not work with names?



#5 2015-01-06 18:30:34

CReimer
Member
Registered: 2012-09-06
Posts: 6

Re: Reserve UID/GID for unofficial packages

For the same reason why the 'mpd' package needs numerical IDs.

- The user may not exist on the build machine
- The UID/GID may be different on the build machine and the target machine

Usernames and group names are, as far as I know, just an alias for UID and GID.
As you stated before, if I add a user to a system it gets the next available UID.

Let's say the vdr user gets UID 1001 on my build machine and on any other system where the package gets installed the vdr user gets UID 1005
Then the UIDs in the package and the filesystem differ again.

Therefore I have to use a fixed UID/GID combination in the package which adds the user. In case of VDR it is the package 'vdr'
A plugin for VDR e.g. vdr-epgsearch also places files in /var/lib/vdr (directory owned by the user generated by the 'vdr' package). And these files must have the same ownership as every other file in /var/lib/vdr

I used to have an install file for the plugins like this one: https://github.com/VDR4Arch/vdr4arch/bl … ch.install
The ownership inside the package is root:root and it gets changed in the install file. Since pacman 4.2 this is no longer possible, as it complains about different ownership between package and filesystem.

I really don't know how to describe it better. I need a fixed UID/GID combination. But I don't know how to make sure no one else uses these IDs in another package.

I remember when I used Slackware there is a list to reserve UIDs and GIDs --> http://slackbuilds.org/uid_gid.txt
Is there something like that for Arch, too?


#6 2015-02-11 17:51:26

Gamonics
Member
From: Rhode Island, USA
Registered: 2015-02-10
Posts: 40

Re: Reserve UID/GID for unofficial packages

CReimer wrote:

...
I really don't know how to describe it better. I need a fixed UID/GID combination. But I don't know how to make sure no one else uses these IDs in another package.

I remember when I used Slackware there is a list to reserve UIDs and GIDs --> http://slackbuilds.org/uid_gid.txt
Is there something like that for Arch, too?

Not sure if this helps or not, and I know you're not targeting FreeBSD, but I just read this ("On FreeBSD, porters who need a UID for their package can pick a free one from the range 50 to 999 and then register this static allocation in ports/UIDs") and it seemed related so I thought I'd mention it.

I'm afraid I don't know if Arch or Linux distros in general have something similar or not.


#7 2015-02-11 18:21:15

clfarron4
Member
From: London, UK
Registered: 2013-06-28
Posts: 2,163

Re: Reserve UID/GID for unofficial packages

@graysky has tried to get a discussion on a similar thing going here, where he has the following initial suggestion (which is rather unwieldy):

graysky wrote:

I can grep for 'useradd' in my abs tree and parse through the resulting 137 lines but there must be a better way.


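The "grep for useradd and parse the result" approach mentioned in the thread, combined with a check of whether a fixed ID such as 666 is already taken, as an added example (not code from any poster or from VDR4Arch). The function names and the sample package scripts and passwd/group files are constructed for illustration; `-u`/`--uid` and `-g`/`--gid` are the standard useradd/groupadd options.

```shell
#!/bin/sh
# Added example: list fixed UIDs/GIDs claimed by package scripts and check a candidate ID.
# claimed_ids TREE -> "kind<TAB>id<TAB>file" for each numeric ID given to useradd/groupadd
claimed_ids() {
    find "$1" -type f \( -name PKGBUILD -o -name '*.install' \) -exec awk '
    {
        cmd = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "useradd" || $i == "groupadd") { cmd = $i; continue }
            if (cmd == "") continue
            opt = $i; val = $(i + 1)
            if (opt ~ /^--(uid|gid)=/) { val = opt; sub(/^[^=]*=/, "", val); sub(/=.*$/, "", opt) }
            if (opt != "-u" && opt != "--uid" && opt != "-g" && opt != "--gid") continue
            if (val !~ /^[0-9]+$/) continue   # "-g vdr" names a group, it fixes no number
            kind = (opt == "-u" || opt == "--uid") ? "uid" : "gid"
            printf "%s\t%s\t%s\n", kind, val, FILENAME
        }
    }' {} +
}

# id_conflicts ID TREE PASSWD GROUP -> one line per package script or local account using ID
id_conflicts() {
    claimed_ids "$2" | awk -F '\t' -v id="$1" '$2 == id { print "package\t" $1 "\t" $3 }'
    awk -F: -v id="$1" '$3 == id { print "local\tuid\t" $1 }' "$3"
    awk -F: -v id="$1" '$3 == id { print "local\tgid\t" $1 }' "$4"
}

# Constructed sample data: two package scripts plus passwd/group files (not real packages).
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/vdr" "$d/exampled"
    printf '%s\n' 'post_install() {' \
        '  groupadd -g 666 vdr' \
        '  useradd -u 666 -g vdr -d /var/lib/vdr -s /bin/false vdr' \
        '}' > "$d/vdr/vdr.install"
    printf '%s\n' 'post_install() {' \
        '  useradd --system --uid=450 exampled' \
        '}' > "$d/exampled/exampled.install"
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' 'games:x:666:100::/:/bin/false' > "$d/passwd"
    printf '%s\n' 'root:x:0:' 'users:x:100:' > "$d/group"
    echo "$d"
}

tree=$(make_sample_tree)
claimed_ids "$tree" | sort
id_conflicts 666 "$tree" "$tree/passwd" "$tree/group"
```

Point TREE at a checkout of package build scripts and PASSWD/GROUP at /etc/passwd and /etc/group to run the same check on a real system.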
