On Fri, 2014-07-11 at 15:55 -0700, Colin Walters wrote:
Hi,
I was looking at user/group stuff more as part of the other thread on
https://fedoraproject.org/wiki/Changes/SystemdSysusers - but let's
ignore that for a second.
So on
https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_alloc...
- I followed the link to the "uidgid" section, and noticed "Hey, we have
another uid/gid listing here".
Scanning that list, I saw "polkituser"...which:
1) Doesn't exist - the polkit package allocates a user named "polkit"
2) Isn't used even if it did: polkit allocates a dynamic uid/gid.
Now Mirek and I currently maintain polkit, and at least I was unaware of
the existence of this reservation.
Basically, because this list isn't actually *used* by RPM at
installation time, it is prone to desynchronization with the actual code
in the spec files, and it happened in at least this case for polkit.
For the history -
https://bugzilla.redhat.com/show_bug.cgi?id=244950 and
https://bugzilla.redhat.com/show_bug.cgi?id=480776 are the pointers.
Static id was requested by former polkit maintainer - and reserved by
Phil - long time ago.
If the id was actually never in use or it is just rename of the former
polkituser id, it is safe to use it now for polkit ...
I did a bit of archaeology in the git log through several whitespace
cleanups/reorganizations and then hit a wall on this commit:
https://git.fedorahosted.org/cgit/setup.git/commit/?id=08258e0f748c4f372f...
Good google query is more powerful than gitlog in some cases ;) .
Hard to know what was going on at that time.
Anyways at least nowadays there appears to be a relatively sane SOP for
this wrt filing a trac ticket or bug against setup, but it seems like we
have an opportunity now for some sort of static check to ensure that the
systemd-sysusers snippets shipped by packages actually match that of
setup.
If you plan to use this 87 uid/gid for polkit, just let me know or file
bugzilla against setup - otherwise, I can likely just remove the
reservation from uidgid file.
Also, we should audit now to see if there are other packages besides
polkit that are out of sync.
There were such packages - I remember I notified maintainers of one or
two packages in the past about different/wrong uid/gid/name used.
However - afaik noone did full audit of id's - at least not recently -
and I don't plan it in near future - too long todo list...
Greetings,
Ondrej