[systemd-devel] [PATCH] TODO: passwd.d, group.d
Kay Sievers
kay at vrfy.org
Tue Apr 23 04:30:26 PDT 2013
On Mon, Apr 22, 2013 at 11:53 PM, Josh Triplett <josh at joshtriplett.org> wrote:
> 1) Leave only root in /etc/passwd and /etc/group.
> 2) Add passwd.d and group.d directories in /etc and under /usr, which
> accept one record per file (with name given by the filename) and
> which do not include UIDs or GIDs.
> 3) When new users or groups show up, dynamically allocate new IDs for
> them, and record them in a separate persistent name<->number mapping
> used by the PAM module. Keep them there as long as the .d file
> exists, or as long as anything on the system (file or process) uses
> the UID.
How would we notice "showing up" for system ids which will not go through pam?
This will only work for things logging in or authenticating otherwise,
right? Or did you mean nss lookups?
> 4) When the .d file goes away, and nothing uses the UID or GID anymore,
> throw it at the back of the list of IDs to reuse.
How do we find out that there is nothing on the file system?
> 5) In the same daemon managing this, optionally support minting small
> numbers of ephemeral UIDs/GIDs for use in containers, when they don't
> need to map to any useful persistent privileges on the host system.
> Also optionally support creating new non-ephemeral UIDs/GIDs, for
> persistent use on the host.
> 6) Eventually move to a big enough ID space that reuse becomes
> irrelevant, and then allow users to obtain larger blocks of IDs for
> container use.
You mean user namespaces here?
> Effectively, treat ID numbers as magic rotating implementation details
> that nobody should care about, and names as the primary identifier.
How would installing a setgid tool from a package work? When would the
tool get the right gid assigned at installation time? That stuff needs
to be verifiable, we would record these ownerships somewhere else to
be able to reproduce them?
How do we cover the magic numbers recorded in the inodes of persistent
filesystems? Unfortunately they don't work like 'tar' and have only
the ids and not the names in it.
Kay
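The two checks Kay asks about (is an id still recorded in any inode, and which inodes carry an id that no longer maps to a name) as an added example that is not part of this thread or of systemd; it assumes Linux, Python 3, and a constructed temp tree, and does the same job as `find -nouser -o -nogroup` over a subtree:

```python
import grp
import os
import pwd
import tempfile

def scan_owners(root):
    """Yield (path, uid, gid) as recorded in every inode below root.
    lstat() is used so symlinks are reported as themselves, not followed."""
    entries = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        entries.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    for path in entries:
        try:
            st = os.lstat(path)
        except FileNotFoundError:  # raced with a deletion; skip it
            continue
        yield path, st.st_uid, st.st_gid

def uid_in_use(root, uid):
    """True if any inode below root still names this uid as its owner."""
    return any(u == uid for _p, u, _g in scan_owners(root))

def orphaned_inodes(root, known_uids, known_gids):
    """Inodes whose uid or gid is missing from the given name<->number mapping."""
    return [(p, u, g) for p, u, g in scan_owners(root)
            if u not in known_uids or g not in known_gids]

def nss_ids():
    """Ids currently resolvable through NSS (/etc/passwd, /etc/group, ...)."""
    return {p.pw_uid for p in pwd.getpwall()}, {g.gr_gid for g in grp.getgrall()}

def current_ids():
    return os.getuid(), os.getgid()

def make_sample_tree():
    """Constructed sample: a temp tree with four inodes plus one symlink."""
    root = tempfile.mkdtemp(prefix="owners-")
    os.mkdir(os.path.join(root, "sub"))
    for rel in ("a.txt", os.path.join("sub", "b.txt")):
        open(os.path.join(root, rel), "w").close()
    os.symlink("a.txt", os.path.join(root, "link"))
    return root

if __name__ == "__main__":
    uids, gids = nss_ids()
    for path, uid, gid in orphaned_inodes(make_sample_tree(), uids, gids):
        print(f"{path}: uid {uid} / gid {gid} has no name")
```

Run as root over a real filesystem root, the scan answers whether an id may be released; on a large filesystem it is exactly the full walk Kay's question implies, since the inode stores only the number.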