
On Mon, 11 Dec 2023 20:42, Lew Wolfgang wrote:
On 12/11/23 09:59, Andrei Borzenkov wrote:
On 11.12.2023 20:25, David C. Rankin wrote:
I do recall openSUSE moving some UID/GID around a while back
I am not sure I understand what you mean, but SUSE did not move anything around. SUSE switched from giant /etc/passwd and /etc/group to creating system users/groups on demand. Which means that the exact UID and GID for the same users will depend on the order in which they are created (which in turn depends on the order in which packages requiring these users/groups were installed).
And this has bitten me a time or two in the past when doing a full-install upgrade instead of an in-place one. Very annoying and time consuming. It's too bad a way couldn't be found to keep UID/GID static, at least within major versions, without having giant files. Maybe instead of assigning ascending numbers when created, they're pulled instead from a master static list of some sort? We know that "root" is always 0/0, why not say that "svn" is always 473/473 or some such?
Sadly ( - the world isn't nice - ) that ( - fixed ids - ) has become an opening for attacks. So the question remains: which poison do you want to swallow? There will never be a "true" answer.

As a solution, a package tool should be created that extracts the owner/group/rights from the package (including post-scriptlets) so this info can be fed into chown / chmod / setfacl / setfattr or a script that combines these tools. Yes, rpm --setperms / --setugids exists and does some of the work, but at minimum (post-)scriptlets are ignored (and I'm unsure about whether --setugids works by name or by number, haven't tested that in a loooong time -- 1998? or thereabouts).

So a "simple" tool that is fed the package name -or- via an option, e.g. -f [/full/filename], a single file, sets the owner / group / mode / facl / fattr / selinux stuff of the whole package, all that "ugly" stuff, to make the task "repair this package" so much easier.

That's my 2ct. - Yamaban.
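
Added example, not part of any message in this thread: a sketch of the check one would run after the full-install upgrade discussed above, comparing the old and new /etc/passwd by name to find UIDs that moved and old UIDs that now belong to a different account. The function names and the sample passwd contents (including the chrony entry and the UID values) are constructed for illustration.

```python
import os

def parse_passwd(text):
    """Return {name: uid} from passwd-format text, skipping blanks and comments."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and not fields[0].startswith("#") and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users

def plan_remap(old_passwd, new_passwd):
    """Match accounts by name. Returns (remap, collisions, missing)."""
    old, new = parse_passwd(old_passwd), parse_passwd(new_passwd)
    new_by_uid = {uid: name for name, uid in new.items()}
    remap, collisions, missing = {}, {}, []
    for name, old_uid in sorted(old.items()):
        if name not in new:
            missing.append(name)            # account not recreated yet
        elif new[name] != old_uid:
            remap[old_uid] = new[name]      # same name, different number
        holder = new_by_uid.get(old_uid)
        if holder is not None and holder != name:
            # Files left with old_uid are now owned by another account.
            collisions[old_uid] = (name, holder)
    return remap, collisions, missing

def files_to_fix(root, remap):
    """Yield (path, old_uid, new_uid) for entries under root carrying a remapped UID."""
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            path = os.path.join(dirpath, entry)
            uid = os.lstat(path).st_uid     # lstat: do not follow symlinks
            if uid in remap:
                yield path, uid, remap[uid]

# Constructed sample: the same two packages installed in a different order.
OLD = """root:x:0:0:root:/root:/bin/bash
svn:x:473:473:svn:/srv/svn:/sbin/nologin
chrony:x:474:474:chrony:/var/lib/chrony:/sbin/nologin
"""
NEW = """root:x:0:0:root:/root:/bin/bash
chrony:x:473:473:chrony:/var/lib/chrony:/sbin/nologin
svn:x:474:474:svn:/srv/svn:/sbin/nologin
"""

if __name__ == "__main__":
    remap, collisions, missing = plan_remap(OLD, NEW)
    print("remap:", remap, "collisions:", collisions, "missing:", missing)
```

Because the remap can be a swap, as in the sample, any chown driven by `files_to_fix` has to work from each file's original UID in a single pass rather than running one `chown --from` sweep per UID.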