[Dev] User ID allocation

On 26.05.2014 17:01, Kanevskiy, Alexander wrote:
> On 26/05/14 17:30 , "Piotr Bartosiewicz"
> <p.bartosiewi at partner.samsung.com> wrote:
>> On 26.05.2014 16:17, Kanevskiy, Alexander wrote:
>>> On 26/05/14 17:12 , "Piotr Bartosiewicz"
>>> <p.bartosiewi at partner.samsung.com> wrote:
>>>> On 22.05.2014 16:35, Łukasz Stelmach wrote:
>>>>> It was <2014-05-22 Thu 11:16>, when Michal Witanowski wrote:
>>>>>> From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Thiago
>>>>>> Macieira
>>>>>> Sent: Wednesday, May 21, 2014 7:54 PM
>>>>>>> On Wed 21 May 2014, at 17:35:32, Michal Witanowski wrote:
>>>>>>>> I'm in a team working on Domain Separation (Linux Containers) and we
>>>>>>>> need to reserve a UID for our daemon which will be communicating with
>>>>>>>> containers via dbus socket (it requires that UID in host and container
>>>>>>>> match, so we can't trust default values).
>>>>>>>> I was wondering if there exist any rules for User ID allocation on
>>>>>>>> Tizen 3.0 platform.
>>>>>>> Can't you simply have a useradd -r command in the RPM post-install
>>>>>>> rule?  This will create a UID for you. The software simply needs to
>>>>>>> getpwnam to get the UID.
>>>>> [...]
>>>>>> We can't just do "useradd -r", because it will generate a "random"
>>>>>> User ID.
>>>>>> We must be sure that UID of the daemon user will be the same, regardless
>>>>>> of system configuration, existing users in the system, etc.
>>>>> Why is that? Are you going to hardcode the uids anywhere? That is BAD.
>>>> Yes, we would like to hardcode the uids. Yes we know that it is BAD in
>>>> general.
>>>> Let me explain the problem without using the 'container' word:
>>>> We have 'n' different Tizen images.
>>>> How to ensure that in every image there exists the same user='User'
>>>> with the *same* uid=<uid>.
>>> What is the value of that exact numeric uid match between independent
>>> images ?
>>>> I've already explained why the uids need to be the same - see my earlier
>>>> mails. I can't simply do a 'useradd' on the first one and use the uid on
>>>> the other images because this uid can be occupied in some image.
>>> Different image = different device = different runtime scope. Why does
>>> this exact match matter?
>>> You're not going to use e.g. NFS between those devices where those uids
>>> might play a good role.
>>> So, what is the value here?
>> Different images AND the same device. We are implementing linux
>> containers, i.e. lightweight virtualization - one Tizen host image and
>> many Tizen guest images.
>> This UID is used to communicate between host and guests.
> One of the primary goals of virtualization is to make app scopes more
> secure.
> If your security is based on hardcoded numeric uids to communicate from
> different runtime scopes (even where they are on one device, having them in
> different containers is different scopes), well, it's not a secure area in
> my understanding. A compromised scope would effectively compromise another
> one if the only check is the same uid.
> I understand, it is easier to do such solutions. However, are we really
> interested in that long term?
I don't think it's insecure; if you insist I will explain why, but right now
I have no time and this discussion is going off topic. I recommend a set of
articles about the linux namespaces: https://lwn.net/Articles/531114/
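Worked example, added here and not code from the thread, from Tizen or from either poster: the "useradd -r in the post-install rule" approach breaks down exactly where Piotr says it does, when the wanted uid is already occupied in some image. The check below refuses a fixed (name, uid) reservation on a conflict instead of letting useradd silently pick another uid, which is the failure mode the thread is about. The daemon name "domsepd", the uid 5001 and the sample passwd entries are made up for illustration; reserve_uid assumes /etc/passwd and a standard useradd.

```shell
#!/bin/sh
# Added example, not part of the mailing-list thread or of Tizen.
# Checks whether a fixed (name, uid) pair can be honoured in a given
# passwd file, the collision problem raised in the thread.
# "domsepd" and uid 5001 are made-up values for illustration.

# check_uid_reservation PASSWD_FILE NAME UID
# Exit status:
#   0  NAME already exists with exactly UID  (nothing to do)
#   1  neither NAME nor UID is present        (safe to create)
#   2  conflict: NAME has another uid, or UID belongs to another name
check_uid_reservation() {
    pw_file=$1 name=$2 uid=$3
    have_uid=$(awk -F: -v n="$name" '$1 == n { print $3; exit }' "$pw_file")
    have_name=$(awk -F: -v u="$uid" '$3 == u { print $1; exit }' "$pw_file")
    if [ -n "$have_uid" ]; then
        [ "$have_uid" = "$uid" ] && return 0
        echo "conflict: $name exists with uid $have_uid, wanted $uid" >&2
        return 2
    fi
    if [ -n "$have_name" ]; then
        echo "conflict: uid $uid already belongs to $have_name" >&2
        return 2
    fi
    return 1
}

# reserve_uid NAME UID: what an RPM %pre/%post scriptlet would run.
# Creates the system user only when the pair is free and fails loudly on
# a conflict rather than accepting whatever uid useradd would allocate.
# Assumes /etc/passwd and needs root to actually create the user.
reserve_uid() {
    name=$1 uid=$2
    rc=0
    check_uid_reservation /etc/passwd "$name" "$uid" || rc=$?
    case $rc in
        0) return 0 ;;
        1) useradd -r -u "$uid" -s /sbin/nologin "$name" ;;
        *) return 2 ;;
    esac
}

# Constructed sample passwd file so the check can be run stand-alone.
make_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/sh
app:x:5000:5000::/opt/usr/apps:/bin/false
domsepd:x:5001:5001::/var/lib/domsepd:/bin/false
EOF
}

demo=$(mktemp)
make_sample_passwd "$demo"
for pair in "domsepd 5001" "newsvc 5002" "app 5001" "other 5000"; do
    set -- $pair
    rc=0
    check_uid_reservation "$demo" "$1" "$2" 2>/dev/null || rc=$?
    echo "$1 $2 -> status $rc"
done
rm -f "$demo"
```

Against the sample file, (domsepd, 5001) is already satisfied, (newsvc, 5002) is free, and both (app, 5001) and (other, 5000) are conflicts. Note that this only makes the reservation fail visibly; it does not make a shared numeric uid a sufficient trust boundary between host and guest, which is the separate point Alexander raises.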

