fedora-atomic discussion point: /usr/lib/passwd

Colin Walters walters at verbum.org
Sat Apr 12 05:24:43 UTC 2014


On Fri, Apr 11, 2014 at 12:09 PM, Colin Walters <walters at verbum.org> 
wrote:
> On Fri, Apr 11, 2014 at 11:33 AM, Martin Langhoff 
> <martin.langhoff at gmail.com> wrote:
> > 
> > If you move in this direction, you have to create files/dirs to be
> > owned by the daemon user too.

If we ban set{u,g}id binaries for dynamic uids, then we can just have 
all files in /usr owned by root:root.  Then there are two other 
directories: /var and /etc.  For /var, the model OSTree pushes towards 
is one where /var should start completely empty.  So dynamically 
allocating uids works there.

However, /etc is still an issue; /etc/polkit-1/rules.d for example is 
owned by polkitd:root.  A quick run on my el7 workstation:

# find /etc '!' -uid 0 -o '!' -gid 0 | while read -r f; do rpm -qf "$f"; done | sort -u
chrony-1.29.1-1.el7.x86_64
cups-1.6.3-14.el7.x86_64
mock-1.1.38-1.el7.noarch
ntp-4.2.6p5-18.el7.x86_64
paps-0.6.8-28.el7.x86_64
pesign-0.109-6.el7.x86_64
polkit-0.112-5.el7.x86_64
polkit-pkla-compat-0.1-4.el7.x86_64
wvdial-1.61-9.el7.x86_64
#

Why are the mock files in /etc owned by root:mock?  It's not like 
they're secret...I wonder if it's intentional.

Anyways yeah, a fair amount of stuff here.  A possible model is to 
patch the services to start as root, open up the config files they want 
(readonly or writable as appropriate), then setuid.  Would be fairly 
invasive as far as code goes.  Another is to just fall back to static 
allocation for these.  Another is to implement Lennart's suggestion of 
dynamic population instead of having the files shipped as owned by the 
uid/gid.
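The "start as root, open the config files, then setuid" model from the last paragraph, as an added example that is not code from this thread, from OSTree or from polkit. The function names, the example path in main() and the target uid/gid are assumptions chosen for illustration; the point it shows is the order of the privilege drop (supplementary groups, then gid, then uid), the check that root cannot be regained afterwards, and that the already-open descriptor is the only thing that still grants access to a root:root-owned file in /etc.

```c
/* Added example: open configuration as root, then drop privileges.
 * Names and paths are illustrative assumptions, not project code. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to uid/gid. Returns 0 on success, -1 on failure.
 * If it fails partway the process may be half-dropped; the caller must exit.
 * Order matters: setgroups() and setgid() need root, so they come first and
 * setuid() comes last. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (getuid() == uid && geteuid() == uid &&
        getgid() == gid && getegid() == gid)
        return 0;               /* already the target identity */
    if (geteuid() != 0)
        return -1;              /* not root: cannot change identity */
    if (setgroups(0, NULL) != 0)
        return -1;              /* clear supplementary groups */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)       /* as root, sets real, effective and saved uid */
        return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Open the config file while still privileged, drop to uid/gid, then read
 * through the descriptor that was opened as root. Returns the number of bytes
 * read (buf is NUL-terminated) or -1 on error. */
ssize_t read_config_unprivileged(const char *path, uid_t uid, gid_t gid,
                                 char *buf, size_t buflen)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (drop_privileges(uid, gid) != 0) {
        close(fd);
        return -1;
    }
    /* From here on the process is unprivileged; a fresh open() of a
     * root:root 0600 file would fail, but the existing fd still works. */
    ssize_t n = read(fd, buf, buflen - 1);
    close(fd);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return n;
}

int main(int argc, char **argv)
{
    /* Usage (example values): ./cfgdrop /etc/polkit-1/rules.d/50-default.rules 65534 65534 */
    if (argc != 4) {
        fprintf(stderr, "usage: %s config-path uid gid\n", argv[0]);
        return 2;
    }
    char buf[4096];
    ssize_t n = read_config_unprivileged(argv[1], (uid_t)atoi(argv[2]),
                                         (gid_t)atoi(argv[3]), buf, sizeof buf);
    if (n < 0) {
        perror("read_config_unprivileged");
        return 1;               /* never continue half-dropped */
    }
    printf("uid=%u euid=%u read %zd bytes\n",
           (unsigned)getuid(), (unsigned)geteuid(), n);
    return 0;
}
```

When the process is not root, drop_privileges() succeeds only if the requested identity is the one it already has, so the same code path can be exercised unprivileged; run as root it performs the real drop and refuses to continue if setuid(0) still works afterwards.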
