On 3/29/2019 10:14 AM, Luis Ressel wrote:
On Fri, Mar 29, 2019 at 08:17:55AM +0000, Laurent Bercot wrote:
>> This is something we do indeed sorely need. We do not have one yet.
>> After the formalisation of projects, this should probably be a top priority.
>
> It is much more user-friendly to create appropriate uid/gids
> dynamically, at package first installation time (which is why I
> did so in later packages). We lose consistency of uid/gid numbering
> across machines, but I don't think it's a big issue.
I agree with both you here. I think it'd be very useful to keep
"system" uids and gids stable across hosts, but creating them
dynamically at package installation is much saner than a big, scary
/etc/group file listing everything.
I also agree here, but maybe instead of putting the users and troups
into the adelie-base package, we should look into writing a script that
contains an authoritative mapping of system/service users and their
related UIDs and GIDs. The script could be called "dynamically" by
packages post installs that need unprivileged users.
And while we're on this topic: I've noticed our post-install
hooks
create users in rather inconsistent ways. Some use useradd, some use
adduser, some hardcode uids/gids, some don't, and the flags passed
(especially) to useradd are also wildy different. It'd be awesome if we
could clean this mess up, and ideally in a way that doesn't require
every package author to "copy&paste the blessed useradd incantation".
Definitely agree with this. I know that [[sroracle]] was working on an
APKBUILD linter/static analyzer, and that might be a good place to put
these checks into.
Thanks!
Dan Theisen