GNU bug report logs - #45571
Support stable uids and gids for system accounts in a container


Package: guix;

Reported by: Jason Conroy <conjaroy <at> gmail.com>

Date: Thu, 31 Dec 2020 18:20:01 UTC

Severity: normal


From: Danny Milosavljevic <dannym <at> scratchpost.org>
To: Leo Prikler <leo.prikler <at> student.tugraz.at>, 45571 <at> debbugs.gnu.org
Subject: bug#45571: Support stable uids and gids for all accounts
Date: Sat, 2 Jan 2021 16:04:15 +0100
Hi Leo,

> > Considering the goal of Guix, it's weird that with Guix, one needs to
> > store&restore /etc/passwd at all.  It's state, but not very useful
> > one.
> > I mean that's how it is right now--but it's still weird.
> > With /etc/shadow maybe there's a slightly better case, but note that
> > the key to find stuff in /etc/shadow can't be the uid--the uid isn't
> > even in there!

> AFAIU yes, it's state, but not one that Guix can simply do away with. 

It's easily possible to recreate /etc/passwd from scratch if the uids are
always specified in <user-account>s and thus /etc/passwd would not need to
be persistent state anymore.  Right now everything from /etc/passwd except
the uid and the comment is already specified in <user-account>.

So Guix can indeed simply do away with the persistent state of
/etc/passwd--that's why I suggested specifying the uids in the first place.

(By now I don't think that's the best way to make UIDs stable, but it's
factually incorrect to assert that Guix can't simply do away with that
persistent state specifically.  It can.)

> There is not yet a syntax for keeping secrets, which would be needed to
> fully populate /etc from config.scm.  Perhaps we'll get there some day.

/etc/passwd does not contain secrets.  Neither does /etc/group.

And /etc/shadow doesn't contain uids.

So there is no conflict.
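
An added illustration of the argument in the message above (not code from the thread or from Guix): passwd(5) lines rendered from declared accounts are reproducible only when every uid is declared, and shadow(5) entries are keyed by login name, so they never depend on the uid. The `Account` class, the `first_free` value of 990 and all sample data are assumptions constructed for this sketch.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Account:            # hypothetical stand-in for a declared account
    name: str
    uid: Optional[int]    # None means "allocate a uid at activation time"
    gid: int
    comment: str
    home: str
    shell: str

def render_passwd(accounts: List[Account], first_free: int = 990) -> List[str]:
    """Render passwd(5) lines; undeclared uids are handed out in list order."""
    taken = {a.uid for a in accounts if a.uid is not None}
    lines, next_uid = [], first_free
    for a in accounts:
        uid = a.uid
        if uid is None:                      # allocation depends on ordering
            while next_uid in taken:
                next_uid += 1
            uid = next_uid
            taken.add(uid)
        lines.append(f"{a.name}:x:{uid}:{a.gid}:{a.comment}:{a.home}:{a.shell}")
    return lines

def uid_map(passwd_lines: List[str]) -> dict:
    """Map login name -> uid (fields 1 and 3 of a passwd line)."""
    return {f[0]: int(f[2]) for f in (l.split(":") for l in passwd_lines)}

def shadow_keys(shadow_lines: List[str]) -> List[str]:
    """shadow(5) has nine fields, keyed by login name; none of them is a uid."""
    return [l.split(":")[0] for l in shadow_lines if len(l.split(":")) == 9]

def stable_under_reorder(accounts: List[Account]) -> bool:
    """True if regenerating from a reordered declaration yields the same uids."""
    return uid_map(render_passwd(accounts)) == uid_map(render_passwd(accounts[::-1]))

# Constructed sample data, not taken from any real system.
DECLARED = [
    Account("alice", 1000, 1000, "Alice", "/home/alice", "/bin/sh"),
    Account("svc-db", 991, 991, "DB daemon", "/var/empty", "/sbin/nologin"),
    Account("svc-web", 992, 992, "Web daemon", "/var/empty", "/sbin/nologin"),
]
UNDECLARED = [Account(a.name, None, a.gid, a.comment, a.home, a.shell)
              for a in DECLARED]
SHADOW = ["alice:<constructed-hash>:18629:0:99999:7:::",
          "svc-db:!:18629::::::", "svc-web:!:18629::::::"]

if __name__ == "__main__":
    print("declared uids stable:  ", stable_under_reorder(DECLARED))
    print("allocated uids stable: ", stable_under_reorder(UNDECLARED))
    print("shadow keys:", shadow_keys(SHADOW))
```

When uids shift between regenerations, files on persistent storage owned by the old numeric uid end up owned by a different account, which is why the allocated case needs the previous /etc/passwd kept as state.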

This bug report was last modified 4 years and 96 days ago.
