[Dev] User ID allocation

Kanevskiy, Alexander alexander.kanevskiy at intel.com
Mon May 26 14:17:27 GMT 2014


On 26/05/14 17:12 , "Piotr Bartosiewicz"
<p.bartosiewi at partner.samsung.com> wrote:

>
>On 22.05.2014 16:35, Łukasz Stelmach wrote:
>> It was <2014-05-22 czw 11:16>, when Michal Witanowski wrote:
>>> From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Thiago
>>>Macieira
>>> Sent: Wednesday, May 21, 2014 7:54 PM
>>>> Em qua 21 maio 2014, às 17:35:32, Michal Witanowski escreveu:
>>>>> I'm in team working on Domain Separation (Linux Containers) and we
>>>>>need to
>>>>> reserve an UID for our daemon which will be communicating with
>>>>>containers
>>>>> via dbus socket (it  requires that UID in host and container match,
>>>>>so we
>>>>> can't trust default values).
>>>>>
>>>>> I was wondering if there exist any rules for User ID allocation on
>>>>> Tizen 3.0 platform.
>>>> Can't you simply have a useradd -r command in the RPM post-install
>>>> rule?  This will create a UID for you. The software simply needs to
>>>> getpwnam to get the UID.
>> [...]
>>> We can't just do "useradd -r", because it will generate a "random"
>>>User ID.
>>> We must be sure that UID of the deamon user will be the same,
>>>regardless
>>> system configuration, existing users in the system, etc.
>> Why is that? Are you going to hardcode the uids anywhere? That is BAD.
>>
>Yes, we would like to hardcode the uids. Yes we know that it is BAD in
>general.
>
>Let me explain the problem without using the 'container' word:
>
>We have 'n' different Tizen images.
>How to ensure that in every image there exists the same user='User' with
>the *same* uid=<uid>.


What is the value of that exact numeric uid match between independent
images ?

>
>I've already explained why the uids needs to be the same - see my earlier
>mails. I can't simply do a 'useradd' on the first one and use the uid on
>the
>other images because this uid can be occupied in some image.
>

Different image = different device = different runtime scope. Why this
exact match matters ?
You’re not going to use e.g. NFS between those devices where those uid
might play good role.
So, what is the value here ?

-- 
Best regards, Alexander Kanevskiy.



---------------------------------------------------------------------
Intel Finland Oy
Registered Address: PL 281, 00181 Helsinki 
Business Identity Code: 0357606 - 4 
Domiciled in Helsinki 

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.


More information about the Dev mailing list