Aaron Hall
2006-Jan-11 05:48 UTC
[Adduser-devel] Bug#248500: adduser: do not re-use uids used once
Hello, on a local system I wanted to fix the problem talked about in this bug, and for us, the "naive" approach of selecting a UID one higher than the highest currently in the range was good enough. I locally modified adduser on my system to do that, and I created a patch against 3.80 in case it would be at all useful. The patch uses a "NO_REUSE_IDS" option, which activates the new behavior if set to "yes". It implements the change in the "first_avail_id()" routine. I am curious about the state-file approach, though; if that is introduced with a new version of adduser, what do you do about "holes" in the passwd file that existed prior to installation of that new version? Maybe do something similar to the naive approach once, to pre-fill the state file? Cheers, Aaron -- Aaron Hall : Badly configured DNS will, not may, but WILL ahall@vitaphone.net : reach out and touch many, many other people : in a way they didn''t want to be touched. : -- John C. Welch -------------- next part -------------- diff -c -r adduser-3.80/AdduserCommon.pm adduser-3.80-1+doctorwu1/AdduserCommon.pm *** adduser-3.80/AdduserCommon.pm Fri Nov 18 11:25:36 2005 --- adduser-3.80-1+doctorwu1/AdduserCommon.pm Tue Jan 10 23:30:55 2006 *************** *** 186,191 **** --- 186,192 ---- $configref->{"last_system_gid"} = 999; $configref->{"first_gid"} = 1000; $configref->{"last_gid"} = 29999; + $configref->{"no_reuse_ids"} = "no"; $configref->{"dhome"} = "/home"; $configref->{"skel"} = "/etc/skel"; $configref->{"usergroups"} = "yes"; diff -c -r adduser-3.80/adduser adduser-3.80-1+doctorwu1/adduser *** adduser-3.80/adduser Fri Nov 18 11:15:59 2005 --- adduser-3.80-1+doctorwu1/adduser Tue Jan 10 23:30:55 2006 *************** *** 746,759 **** my ($min, $max, @ids) = @_; @ids = sort {$a <=> $b} @ids; printf (gtx("Selecting from %s %s (%s).\n"),$min,$max,join(",",@ids)) if ($verbose > 1); - - while ($min <= $max) { - return $min if ($min < $ids[0] || @ids==0); - shift @ids if ($min > $ids[0]); - $min++ if ($min == $ids[0]); - } ! return -1; # nothing available } --- 746,775 ---- my ($min, $max, @ids) = @_; @ids = sort {$a <=> $b} @ids; printf (gtx("Selecting from %s %s (%s).\n"),$min,$max,join(",",@ids)) if ($verbose > 1); ! if ($config{no_reuse_ids} =~ /yes/) { ! # "no_reuse_ids" is something of a lie, since it''s possible ! # to reuse the previously-highest ID if it was deleted (i.e., ! # if uid 1701 was highest, and it gets deleted, leaving 1700 ! # as the highest, 1701 will be reused the next time, even with ! # no_reuse_ids. ! pop(@ids) until $ids[$#ids] <= $max; ! my $target_id = $ids[$#ids]; ! $target_id++; ! return $target_id unless $target_id > $max; ! ! # if $target_id is too large, pretend we found nothing ! return -1; ! } ! else { ! while ($min <= $max) { ! return $min if ($min < $ids[0] || @ids==0); ! shift @ids if ($min > $ids[0]); ! $min++ if ($min == $ids[0]); ! } ! ! return -1; # nothing available ! } } diff -c -r adduser-3.80/adduser.conf adduser-3.80-1+doctorwu1/adduser.conf *** adduser-3.80/adduser.conf Fri Nov 18 11:21:05 2005 --- adduser-3.80-1+doctorwu1/adduser.conf Tue Jan 10 23:35:16 2006 *************** *** 33,38 **** --- 33,44 ---- FIRST_UID=1000 LAST_UID=29999 + # NO_REUSE_IDS can be either "yes" or "no". If "yes", adduser will + # attempt not to reuse a UID that once existed but has since been + # deleted. If there was once a UID higher than any presently-existing + # UID, that UID might still be reused. + NO_REUSE_IDS=no + # The USERGROUPS variable can be either "yes" or "no". If "yes" each # created user will be given their own group to use as a default. If # "no", each created user will be placed in the group whose gid is diff -c -r adduser-3.80/doc/adduser.conf.5 adduser-3.80-1+doctorwu1/doc/adduser.conf.5 *** adduser-3.80/doc/adduser.conf.5 Tue Aug 16 08:25:59 2005 --- adduser-3.80-1+doctorwu1/doc/adduser.conf.5 Tue Jan 10 23:30:55 2006 *************** *** 70,75 **** --- 70,84 ---- be dynamically allocated. Default to .IR 1000 " - " 29999 . .TP + \fBNO_REUSE_IDS\fP + If this is set to + .IR yes , + adduser will attempt not to reuse a UID that has been used and + then removed. If there was once a UID higher than any + presently\-existing UID, then that UID might possibly still be reused. + Defaults to + .IR no . + .TP \fBUSERGROUPS\fP If this is set to .IR yes ,
Joerg Hoh
2006-Jan-13 21:19 UTC
Bug#248500: [Adduser-devel] Bug#248500: adduser: do not re-use uids used once
Hi Aaron On Tue, Jan 10, 2006 at 11:37:28PM -0600, Aaron Hall wrote:> Hello, on a local system I wanted to fix the problem talked about in > this bug, and for us, the "naive" approach of selecting a UID one higher > than the highest currently in the range was good enough. I locally > modified adduser on my system to do that, and I created a patch against > 3.80 in case it would be at all useful.Thank you for the patch.> The patch uses a "NO_REUSE_IDS" option, which activates the new behavior"NO_REUSE_IDS" sounds a bit strange, I''d rather call it "REUSE_IDS" and set it to "yes" by default.> I am curious about the state-file approach, though; if that is > introduced with a new version of adduser, what do you do about "holes" > in the passwd file that existed prior to installation of that new > version? Maybe do something similar to the naive approach once, to > pre-fill the state file?That would be the only feasible solution. J?rg -- Was denen einen ihr Watergate, ist den anderen ihr Firstgate. - Thomas Bliessner, <slrnd1hklm.g53.nospam@melix.com.mx> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20060113/3899095c/attachment.pgp
Marc Haber
2006-Feb-25 22:18 UTC
Bug#248500: [Adduser-devel] Bug#248500: adduser: do not re-use uids used once
On Fri, Jan 13, 2006 at 10:08:26PM +0100, Joerg Hoh wrote:> On Tue, Jan 10, 2006 at 11:37:28PM -0600, Aaron Hall wrote: > > Hello, on a local system I wanted to fix the problem talked about in > > this bug, and for us, the "naive" approach of selecting a UID one higher > > than the highest currently in the range was good enough. I locally > > modified adduser on my system to do that, and I created a patch against > > 3.80 in case it would be at all useful. > > Thank you for the patch.Hast Du den applied? Ich find "reuse" nicht in der Konfigdatei und auch nicht in adduser. Gr??e Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Marc Haber
2006-Feb-25 22:48 UTC
Bug#248500: [Adduser-devel] Bug#248500: adduser: do not re-use uids used once
On Sat, Feb 25, 2006 at 11:11:38PM +0100, Marc Haber wrote:> Hast Du den applied? Ich find "reuse" nicht in der Konfigdatei und > auch nicht in adduser.Errm. That one was not meant to go to the BTS. I apologize. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835