[Bug 1332538] Re: No UID checks on rootfs updates

Oliver Grawert ogra at ubuntu.com
Fri Jun 20 14:39:48 UTC 2014 

we will need to use libnss-extrausers to manage the non-system users
anyway on the readonly images, i wonder if we cant also use the
extrausers password/group files for other users, migrate them from
password to extrausers on first boot and watch additions/removals to the
readonly file during upgrades (which we process if necessary). that
would make the UIDs persistent in the writable space.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to system-image in Ubuntu.
https://bugs.launchpad.net/bugs/1332538

Title:
  No UID checks on rootfs updates

Status in “system-image” package in Ubuntu:
  New

Bug description:
  Hi,

  system-image updates will currently happily deliver an updated
  /etc/passwd with the list of UIDs reordered. This typically happens
  when we seed new software that creates a new user upon install.

  In a recent update, my /var/crash became owned by autopilot; most
  likely the UID of whoopsie became the one of autopilot after the
  update.

  In the short-term, we could catch such UID insertions at rootfs
  creation time, either before or after a rootfs hits the -proposed
  channel.

  In the mid-term, we need a strategy to cope with UID additions/removals/reorderings. One way to handle this would be to post-process UIDs by keeping a list of historical UIDs on the server side. For instance, on system-image.u.c systems we'd do this:
  - for the first image, import /etc/passwd and keep a copy on system-image.u.c
  - for updated images, compare /etc/passwd with the server copy; for each new UID, allocate a new system UIDs in the system-image.u.c master database
  - remap UIDs from the rootfs tarball to the ones in the system-image.u.c master database

  For instance, whoopsie would get a system UID allocated on system-
  image.u.c the first time it's used in an image, say 120, then it keep
  that 120 UID for all subsequent images. If a new image comes out of
  livecd-rootfs with whoopsie as UID 121, we'd remap the UIDs to UID 120
  and update /etc/passwd, /var/crash and any other file accordingly.

  Perhaps there's a more clever way to deal with this; ideas welcome! I
  fear that if we allow for UIDs to change in the distributed rootfs, we
  will have trouble updating all the user owned files, including on
  removable media, unmounted filesystems, in filesystem snapshots etc.

  Cheers,

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/system-image/+bug/1332538/+subscriptions

More information about the foundations-bugs mailing list