Hi Mark, Mark H Weaver <m...@netris.org> skribis:
> Brendan Tildesley via Bug reports for GNU Guix <bug-guix@gnu.org> > writes: > >> I recently encountered what is likely the same bug. The directory >> /var/lib/gdm >> had the correct permissions gdm:gdm, but all the files inside had something >> like >> 973:gdm > > The underlying problem here, which I've also experienced, is that if you > reconfigure your system with fewer users/groups, and then later add > those users/groups back, there is no guarantee that they will be > assigned the same UIDs and GIDs. Yes. The patch Brendan posted LGTM (though I’m surprised the directory itself can have the right UID/GID while files inside it don’t; perhaps this was made possible by 2161820ebbbab62a5ce76c9101ebaec54dc61586, which chowns the home directory unconditionally.) Note that there are other places, in addition to GDM, where we forcefully reset the UID/GID of the home directory (e.g., for the ‘knot-resolver’ service.) My preferred solution to this would be to unconditionally chown -R home directories upon activation (for efficiency, it would be best if we could do that if and only if the home directory itself has wrong ownership). Thoughts? systemd-homed does something like that. The intuition here is that UIDs/GIDs are implementation details that should get out of the way. > There's some discussion of this issue at <https://bugs.gnu.org/44944>, > although I'm not sure that Danny's suggested solution is practical. > > Here's one idea: when activating a system, *never* delete users or > groups if files still exist that are owned by those users/groups. > Checking all filesystems would likely be too expensive, but perhaps it > would be sufficient to check certain directories such as /var, /etc, and > possibly the top directory of /home. How would you determine which directories to look at though? What if we miss an important one? Note that the ID allocation strategy in (gnu build accounts) ensures UIDs/GIDs aren’t reused right away (same strategy as implemented by Shadow, etc.). So if you remove “bob”, then add “alice”, “alice” won’t be able to access the left-behind /home/bob because it has a different UID. Ludo’.
