[Dev] User ID allocation

Piotr Bartosiewicz p.bartosiewi at partner.samsung.com
Mon May 26 14:30:52 GMT 2014


On 26.05.2014 16:17, Kanevskiy, Alexander wrote:
> On 26/05/14 17:12 , "Piotr Bartosiewicz"
> <p.bartosiewi at partner.samsung.com> wrote:
>
>> On 22.05.2014 16:35, Łukasz Stelmach wrote:
>>> It was <2014-05-22 czw 11:16>, when Michal Witanowski wrote:
>>>> From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Thiago Macieira
>>>> Sent: Wednesday, May 21, 2014 7:54 PM
>>>>> On Wed, 21 May 2014, at 17:35:32, Michal Witanowski wrote:
>>>>>> I'm in the team working on Domain Separation (Linux Containers) and
>>>>>> we need to reserve a UID for our daemon which will be communicating
>>>>>> with containers via dbus socket (it requires that UID in host and
>>>>>> container match, so we can't trust default values).
>>>>>>
>>>>>> I was wondering if there exist any rules for User ID allocation on
>>>>>> Tizen 3.0 platform.
>>>>> Can't you simply have a useradd -r command in the RPM post-install
>>>>> rule?  This will create a UID for you. The software simply needs to
>>>>> getpwnam to get the UID.
>>> [...]
>>>> We can't just do "useradd -r", because it will generate a "random"
>>>> User ID. We must be sure that the UID of the daemon user will be the
>>>> same, regardless of system configuration, existing users in the
>>>> system, etc.
>>> Why is that? Are you going to hardcode the uids anywhere? That is BAD.
>>>
>> Yes, we would like to hardcode the uids. Yes we know that it is BAD in
>> general.
>>
>> Let me explain the problem without using the 'container' word:
>>
>> We have 'n' different Tizen images.
>> How to ensure that in every image there exists the same user='User' with
>> the *same* uid=<uid>.
>
> What is the value of that exact numeric uid match between independent
> images?
>
>> I've already explained why the uids need to be the same - see my earlier
>> mails. I can't simply do a 'useradd' on the first one and use the uid on
>> the other images because this uid can be occupied in some image.
>>
> Different image = different device = different runtime scope. Why does
> this exact match matter?
> You’re not going to use e.g. NFS between those devices where those uids
> might play a good role.
> So, what is the value here?
>
Different images AND the same device. We are implementing Linux
containers, i.e. the lightweight virtualization - one Tizen host image
and many Tizen guest images.
This UID is used to communicate between host and guests.

-- 
Piotr Bartosiewicz
Samsung R&D Institute Poland
Samsung Electronics
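
The requirement discussed in this thread (one account with the same numeric UID in the host image and every guest image, where the chosen UID may already be taken in some image) can be checked at image-build time. The script below is an added example, not part of the original message or of any Tizen tooling; the account name `ctdaemon`, UID 390 and the rootfs layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: account name, UID 390 and the rootfs layout are constructed.

# uid_of NAME PASSWD -> UID of NAME, empty if the account is absent
uid_of() { awk -F: -v n="$1" '$1 == n { print $3; exit }' "$2"; }
# owner_of UID PASSWD -> account holding UID, empty if the UID is free
owner_of() { awk -F: -v u="$1" '$3 == u { print $1; exit }' "$2"; }

# check_image NAME UID ROOT -> prints one status word:
#   ok        NAME exists with exactly UID
#   missing   NAME absent and UID free (can be created with useradd -r -u UID)
#   mismatch  NAME exists but with a different UID (e.g. auto-assigned)
#   occupied  UID already belongs to another account in this image
check_image() {
    name=$1 uid=$2 passwd=$3/etc/passwd
    have=$(uid_of "$name" "$passwd")
    owner=$(owner_of "$uid" "$passwd")
    if [ -n "$owner" ] && [ "$owner" != "$name" ]; then echo occupied
    elif [ -z "$have" ]; then echo missing
    elif [ "$have" = "$uid" ]; then echo ok
    else echo mismatch
    fi
}

# check_all NAME UID ROOT... -> exit status 0 only if every image is "ok"
check_all() {
    name=$1 uid=$2; shift 2
    rc=0
    for root in "$@"; do
        st=$(check_image "$name" "$uid" "$root")
        printf '%s: %s\n' "$root" "$st"
        [ "$st" = ok ] || rc=1
    done
    return $rc
}

# Constructed sample: one host and two guest rootfs trees; guest2 has UID 390
# taken by an unrelated account.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/host/etc" "$d/guest1/etc" "$d/guest2/etc"
    printf 'root:x:0:0::/root:/bin/sh\nctdaemon:x:390:390::/:/sbin/nologin\n' > "$d/host/etc/passwd"
    printf 'root:x:0:0::/root:/bin/sh\nctdaemon:x:390:390::/:/sbin/nologin\n' > "$d/guest1/etc/passwd"
    printf 'root:x:0:0::/root:/bin/sh\nmedia:x:390:390::/:/sbin/nologin\n' > "$d/guest2/etc/passwd"
    echo "$d"
}
```

Running `check_all ctdaemon 390` over the host and guest roots as a build gate surfaces an `occupied` or `mismatch` image before the daemon's identity check fails across the host/guest socket at runtime.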


