no more nobody user on OBS?

classic Classic list List threaded Threaded
22 messages Options
12
Reply | Threaded
Open this post in threaded view
|

no more nobody user on OBS?

Rüdiger Meier
Hi,

seems that Tumbleweed and Factory has no more user "nobody" defined
in /etc/passwd. Is this wanted?

cu,
Rudi
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Oliver Kurz-2
On Tuesday, 23 May 2017 16:47:17 CEST Ruediger Meier wrote:
> Hi,
>
> seems that Tumbleweed and Factory has no more user "nobody" defined
> in /etc/passwd. Is this wanted?

If I got it right there was a change to not create a bunch of unused user
accounts but make sure that packages that need specific users specify that as
a dependency which will create the user and group accounts accordingly.

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Bernhard Voelker
In reply to this post by Rüdiger Meier
On 05/23/2017 04:47 PM, Ruediger Meier wrote:
> seems that Tumbleweed and Factory has no more user "nobody" defined
> in /etc/passwd. Is this wanted?

Cannot reproduce here:

  $ grep nobody /etc/passwd
  nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash

  $ head -n2 /etc/os-release
  NAME="openSUSE Tumbleweed"
  # VERSION="20170521"

Do you mean a fresh install?

Have a nice day,
Berny

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Rüdiger Meier
On Tuesday 23 May 2017, Bernhard Voelker wrote:

> On 05/23/2017 04:47 PM, Ruediger Meier wrote:
> > seems that Tumbleweed and Factory has no more user "nobody" defined
> > in /etc/passwd. Is this wanted?
>
> Cannot reproduce here:
>
>   $ grep nobody /etc/passwd
>   nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
>
>   $ head -n2 /etc/os-release
>   NAME="openSUSE Tumbleweed"
>   # VERSION="20170521"
>
> Do you mean a fresh install?

I mean on OBS build host, or local osc build chroot.

$ cat /var/tmp/osc/build/openSUSE_Tumbleweed-x86_64/etc/passwd
root:x:0:0:root:/root:/bin/bash
systemd-coredump:x:497:497:systemd Core Dumper:/:/sbin/nologin
systemd-timesync:x:498:498:systemd Time Synchronization:/:/sbin/nologin
ntp:x:74:494:NTP daemon:/var/lib/ntp:/bin/false
abuild:x:399:399:Autobuild:/home/abuild:/bin/bash


cu,
Rudi


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Rüdiger Meier
In reply to this post by Oliver Kurz-2
On Tuesday 23 May 2017, Oliver Kurz wrote:

> On Tuesday, 23 May 2017 16:47:17 CEST Ruediger Meier wrote:
> > Hi,
> >
> > seems that Tumbleweed and Factory has no more user "nobody" defined
> > in /etc/passwd. Is this wanted?
>
> If I got it right there was a change to not create a bunch of unused
> user accounts but make sure that packages that need specific users
> specify that as a dependency which will create the user and group
> accounts accordingly.


Hm, I think we should always add nobody. I haven't met any Linux system
yet without such a user.

cu,
Rudi
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Dominique Leuenberger / DimStar
In reply to this post by Rüdiger Meier
On Tue, 2017-05-23 at 16:47 +0200, Ruediger Meier wrote:
> Hi,
>
> seems that Tumbleweed and Factory has no more user "nobody" defined
> in /etc/passwd. Is this wanted?
>
> cu,
> Rudi

That is indeed wanted - the list of users has constantly been growing
and for many users/groups, it is/was not clear what requires them.

So Thorsten worked on a way to change this - and packages nowadays have
to specify if their content wants a specific user/group to be present.

See also the packaging guidelines at
https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups

Cheers,
Dominique

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Stephan Kulow-3
Am 23.05.2017 um 17:35 schrieb Dominique Leuenberger / DimStar:

> On Tue, 2017-05-23 at 16:47 +0200, Ruediger Meier wrote:
>> Hi,
>>
>> seems that Tumbleweed and Factory has no more user "nobody" defined
>> in /etc/passwd. Is this wanted?
>>
>> cu,
>> Rudi
>
> That is indeed wanted - the list of users has constantly been growing
> and for many users/groups, it is/was not clear what requires them.
>
> So Thorsten worked on a way to change this - and packages nowadays have
> to specify if their content wants a specific user/group to be present.
>
> See also the packaging guidelines at
> https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups
But 'nobody'? I don't see it as a system user - mere the lack of user.

Greetings, Stephan

--
Ma muaß weiterkämpfen, kämpfen bis zum Umfalln, a wenn die
ganze Welt an Arsch offen hat, oder grad deswegn.


signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Dominique Leuenberger / DimStar
On Tue, 2017-05-23 at 17:46 +0200, Stephan Kulow wrote:

> Am 23.05.2017 um 17:35 schrieb Dominique Leuenberger / DimStar:
> > On Tue, 2017-05-23 at 16:47 +0200, Ruediger Meier wrote:
> > > Hi,
> > >
> > > seems that Tumbleweed and Factory has no more user "nobody"
> > > defined
> > > in /etc/passwd. Is this wanted?
> > >
> > > cu,
> > > Rudi
> >
> > That is indeed wanted - the list of users has constantly been
> > growing
> > and for many users/groups, it is/was not clear what requires them.
> >
> > So Thorsten worked on a way to change this - and packages nowadays
> > have
> > to specify if their content wants a specific user/group to be
> > present.
> >
> > See also the packaging guidelines at
> > https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Gro
> > ups
>
> But 'nobody'? I don't see it as a system user - mere the lack of
> user.
>
> Greetings, Stephan
historically, everything was thrown at 'nobody' for security reasons -
until somebody realized that entire systems running as nobody is not
actually secure, as services could start interacting.

'nobody' has no special meaning in any way. I don't see why it should
be treated specially (unlike root/uid=0);. It's still right at your
disposal if you have a package relying on it (e.g. NFS using it as
fallback for 'anonymous/unknown') - you just need to specify it.

Cheers
Dominique

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Rüdiger Meier
On Tuesday 23 May 2017, Dominique Leuenberger / DimStar wrote:

> On Tue, 2017-05-23 at 17:46 +0200, Stephan Kulow wrote:
> > Am 23.05.2017 um 17:35 schrieb Dominique Leuenberger / DimStar:
> > > On Tue, 2017-05-23 at 16:47 +0200, Ruediger Meier wrote:
> > > > Hi,
> > > >
> > > > seems that Tumbleweed and Factory has no more user "nobody"
> > > > defined
> > > > in /etc/passwd. Is this wanted?
> > > >
> > > > cu,
> > > > Rudi
> > >
> > > That is indeed wanted - the list of users has constantly been
> > > growing
> > > and for many users/groups, it is/was not clear what requires
> > > them.
> > >
> > > So Thorsten worked on a way to change this - and packages
> > > nowadays have
> > > to specify if their content wants a specific user/group to be
> > > present.
> > >
> > > See also the packaging guidelines at
> > > https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_G
> > >ro ups
> >
> > But 'nobody'? I don't see it as a system user - mere the lack of
> > user.
> >
> > Greetings, Stephan
>
> historically, everything was thrown at 'nobody' for security reasons
> - until somebody realized that entire systems running as nobody is
> not actually secure, as services could start interacting.
>
> 'nobody' has no special meaning in any way.

The are programs which treat nobody as the only user which is neither a
system nor user account.

> I don't see why it should
> be treated specially (unlike root/uid=0);. It's still right at your
> disposal if you have a package relying on it (e.g. NFS using it as
> fallback for 'anonymous/unknown') - you just need to specify it.

You forget about users or thirdparty software which is still using
nobody for whatever reason. IMO it makes no sense that openSUSE is the
only existing Linux distro which does not provide "nobody/nogroup

We will get bug reports for sure if we remove nobody. It doesn't hurt to
keep it as it.

BTW "bin" and "daemon" are also missing. They are even *required* by
LSB, while "nobody" is optional.
http://refspecs.linuxbase.org/LSB_3.0.0/LSB-PDA/LSB-PDA/usernames.html


cu,
Rudi
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Dominique Leuenberger / DimStar
On Tue, 2017-05-23 at 18:18 +0200, Ruediger Meier wrote:
> I don't see why it should
> > be treated specially (unlike root/uid=0);. It's still right at your
> > disposal if you have a package relying on it (e.g. NFS using it as
> > fallback for 'anonymous/unknown') - you just need to specify it.
>
> You forget about users or thirdparty software which is still using
> nobody for whatever reason. IMO it makes no sense that openSUSE is
> the
> only existing Linux distro which does not provide "nobody/nogroup

> We will get bug reports for sure if we remove nobody. It doesn't hurt
> to
> keep it as it.
>
> BTW "bin" and "daemon" are also missing. They are even *required* by
> LSB, while "nobody" is optional.
> http://refspecs.linuxbase.org/LSB_3.0.0/LSB-PDA/LSB-PDA/usernames.htm
> l

right - lsb also requires Qt4; so it is definitively an up-to-date
reference.

But I see no problem of adding
> Requires: user(bin) user(daemon)
> Recommends: user(nobody)

to the lsb package to satisfy the lsb needs - so any thridparty relying
on lsb just has to require lsb (as chrome for example already does).

Cheers,
Dominique

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Bernhard Voelker
In reply to this post by Dominique Leuenberger / DimStar
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/23/2017 05:35 PM, Dominique Leuenberger / DimStar wrote:
> That is indeed wanted - the list of users has constantly been growing and for many users/groups, it is/was not
> clear what requires them.

While reducing (or better saying: letting the packages choose) is good
for the final product, how could we get some of them back on OBS?

Some tests rely on having a 2nd user - e.g. the coreutils-testsuite
would not have to SKIP a couple of tests. (BTW: it'd be great if
abuild could be member of a second group for some of these tests).

...
[  102s] basic.sh: skipped test: requires membership in two groups
[  102s] SKIP: tests/chgrp/basic.sh
...
[  119s] default-no-deref.sh: skipped test: requires membership in two groups
[  119s] SKIP: tests/chgrp/default-no-deref.sh
[  119s] deref.sh: skipped test: requires membership in two groups
[  119s] SKIP: tests/chgrp/deref.sh
[  119s] no-x.sh: skipped test: requires membership in two groups
[  119s] SKIP: tests/chgrp/no-x.sh
[  119s] posix-H.sh: skipped test: requires membership in two groups
[  119s] SKIP: tests/chgrp/posix-H.sh
[  119s] recurse.sh: skipped test: requires membership in two groups
[  119s] SKIP: tests/chgrp/recurse.sh
...
[  286s] acl.sh: skipped test: This test requires a local user named bin.
[  286s] SKIP: tests/cp/acl.sh
...
[  286s] existing-perm-race.sh: skipped test: requires membership in two groups
[  286s] SKIP: tests/cp/existing-perm-race.sh
...
[  304s] acl.sh: skipped test: This test requires a local user named bin.
[  304s] SKIP: tests/mv/acl.sh
...
[  332s] # TOTAL: 563
[  332s] # PASS:  496
[  332s] # SKIP:  67

Idea: could we create/have some packages doing such modifications in
the build environment via BuildRequires, but which are never shipped
to regular systems? ... actually like the abuild user?

Thanks & have a nice day,
Berny
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJZJSxUAAoJEEZQLveWkXGVHUMIAJnG9iXvlplPkek/lbFMl6Wh
BAPCx3HDjp9pN/b9r0ORum+irD4T8i4GZOlQ1MNI2yRdPGUVBMUluRmpzFhEkJm0
ngAzqp8KE7ZtoyifPKIlfOjvObZcio0BksTVHO93twCpP1D4zYFsAAbW3nn3OzCO
SwclL84Q6Yf3S5DkNjLMZJ7iS8uVkdn9lux4HusRyw7fROWdFpUQhN7xCG8S53gE
r9sDvsFG4Hq8AbQMuID7RB6nDkfLoa2derXV+8f5+nu2z0ixm6RxAEVBU7gX2kjs
SstRlaNsW6pzdqRwhevwVjdj1ZfsKWkaZ8DqjjH+X4dxoVf6Sa5fdslyF2Pgoao=
=p+8i
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Dominique Leuenberger / DimStar
On Wed, 2017-05-24 at 08:46 +0200, Bernhard Voelker wrote:
>
> Idea: could we create/have some packages doing such modifications in
> the build environment via BuildRequires, but which are never shipped
> to regular systems? ... actually like the abuild user?
>

BuildRequires: user(FOO) / group(BAR) ?

If only used by the test suite,t hat's ok.. if the app/package needs it
on the system, then additionally a Requires: user(FOO) / group(BAR)


Cheers,
Dominique

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Rüdiger Meier
In reply to this post by Rüdiger Meier
On Wednesday 24 May 2017, Bernhard Voelker wrote:

> On 05/23/2017 05:35 PM, Dominique Leuenberger / DimStar wrote:
> > That is indeed wanted - the list of users has constantly been
> > growing and for many users/groups, it is/was not clear what
> > requires them.
>
> While reducing (or better saying: letting the packages choose) is
> good for the final product, how could we get some of them back on
> OBS?
>
> Some tests rely on having a 2nd user - e.g. the coreutils-testsuite
> would not have to SKIP a couple of tests. (BTW: it'd be great if
> abuild could be member of a second group for some of these tests).
>
> ...
> [  102s] basic.sh: skipped test: requires membership in two groups
> [  102s] SKIP: tests/chgrp/basic.sh
> ...
> [  119s] default-no-deref.sh: skipped test: requires membership in
> two groups [  119s] SKIP: tests/chgrp/default-no-deref.sh
> [  119s] deref.sh: skipped test: requires membership in two groups
> [  119s] SKIP: tests/chgrp/deref.sh
> [  119s] no-x.sh: skipped test: requires membership in two groups
> [  119s] SKIP: tests/chgrp/no-x.sh
> [  119s] posix-H.sh: skipped test: requires membership in two groups
> [  119s] SKIP: tests/chgrp/posix-H.sh
> [  119s] recurse.sh: skipped test: requires membership in two groups
> [  119s] SKIP: tests/chgrp/recurse.sh
> ...
> [  286s] acl.sh: skipped test: This test requires a local user named
> bin. [  286s] SKIP: tests/cp/acl.sh
> ...
> [  286s] existing-perm-race.sh: skipped test: requires membership in
> two groups [  286s] SKIP: tests/cp/existing-perm-race.sh
> ...
> [  304s] acl.sh: skipped test: This test requires a local user named
> bin. [  304s] SKIP: tests/mv/acl.sh
> ...
> [  332s] # TOTAL: 563
> [  332s] # PASS:  496
> [  332s] # SKIP:  67
>
> Idea: could we create/have some packages doing such modifications in
> the build environment via BuildRequires, but which are never shipped
> to regular systems? ... actually like the abuild user?


You can add
+%if 0%{?suse_version} > 1320
+BuildRequires: user(nobody)
+%endif

However it's just annoying that we have to do that and endusers of the
distro also have to do that. Probably a user would just use useradd to
create the missing user manually with random id and group, conflicting
to the definitions of
system-user-nobody's /usr/lib/sysusers.d/system-user-nobody.conf

So the goal to clean-up and well-define our system users leads to more
randomization. I still see no benefit of not providing "daemon"
and "nobody" always in opposite to basically any other existing Linux
distro.

cu,
Rudi
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Dominique Leuenberger / DimStar
In reply to this post by Bernhard Voelker
On Wed, 2017-05-24 at 09:25 +0200, Ruediger Meier wrote:
> However it's just annoying that we have to do that and endusers of
> the
> distro also have to do that. Probably a user would just use useradd
> to
> create the missing user manually with random id and group,
> conflicting
> to the definitions of
> system-user-nobody's /usr/lib/sysusers.d/system-user-nobody.conf

an end-user trusting your package gets the user as a dependency.. why
would he have to create the user?

You as packager should know what your package requires - what user it
relies on and what not.

>

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Rüdiger Meier
On Wednesday 24 May 2017, Dominique Leuenberger / DimStar wrote:

> On Wed, 2017-05-24 at 09:25 +0200, Ruediger Meier wrote:
> > However it's just annoying that we have to do that and endusers of
> > the
> > distro also have to do that. Probably a user would just use useradd
> > to
> > create the missing user manually with random id and group,
> > conflicting
> > to the definitions of
> > system-user-nobody's /usr/lib/sysusers.d/system-user-nobody.conf
>
> an end-user trusting your package gets the user as a dependency.. why
> would he have to create the user?
>
> You as packager should know what your package requires - what user it
> relies on and what not.

I don't understand why you always think about users only using distro
packages. This is about developers or interested people who want to
build and check software like util-linux or coreutils. It works on any
other Linux distro but not anymore on openSUSE. This is just *one*
example.

I can understand why we should remove useless users from the base system
but daemon and nobody are exceptions IMO.

The other aspect is that users will create missing users manually and
most likely with conflicting specs. So if they later install a package
which requires such user then it may not work.


cu,
Rudi

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Thorsten Kukuk
In reply to this post by Stephan Kulow-3
On Tue, May 23, Stephan Kulow wrote:

> Am 23.05.2017 um 17:35 schrieb Dominique Leuenberger / DimStar:
> > On Tue, 2017-05-23 at 16:47 +0200, Ruediger Meier wrote:
> >> Hi,
> >>
> >> seems that Tumbleweed and Factory has no more user "nobody" defined
> >> in /etc/passwd. Is this wanted?
> >>
> >> cu,
> >> Rudi
> >
> > That is indeed wanted - the list of users has constantly been growing
> > and for many users/groups, it is/was not clear what requires them.
> >
> > So Thorsten worked on a way to change this - and packages nowadays have
> > to specify if their content wants a specific user/group to be present.
> >
> > See also the packaging guidelines at
> > https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups
>
> But 'nobody'? I don't see it as a system user - mere the lack of user.

The patterns install the user nobody.
Applications, which require the user nobody, have require. At least as far
as I could identify them. Some have the fact, that they need the user nobody,
very well hidden.

So after installation, there should always be a user nobody. If not, that's a bug
we need to analyze and fix.
Packages requiring the user nobody should always have a "Requires: user(nobody)"
in the spec file.
If you need it for building packages, but not runtime, you should add "BuildRequires: user(nobody)".

And we will remove the user "root" from aaa_base as next, too.
But the handling will be different, we can clearly not use systemd-sysusers for
that. I have some ideas, but no real code yet.

  Thorsten

--
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & CaaSP
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg)
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Michal Kubecek
In reply to this post by Dominique Leuenberger / DimStar
On Wednesday, 24 May 2017 9:39 Dominique Leuenberger / DimStar wrote:
> an end-user trusting your package gets the user as a dependency.. why
> would he have to create the user?
>
> You as packager should know what your package requires - what user it
> relies on and what not.

As others already explained, this logic only works if you assume users
only run software from distribution packages (and only those which are
kept in sync with all latest quirks). I'm afraid this is not true in
general.

Sure, you can say it's user's responsibility to make sure they have
everything their third party software of scripts need to work. But they
would have to know they need it - and in this particular case, one can
hardly expect authors of third party software to explicitely mention
they need user named "nobody" just because there is one distribution
(and let's face it, not really one of the most prominent ones) decided
not to create it.

So the question is: do we want to send our users a message that we do
not care about their needs at all once they use anything they didn't get
from the distribution - and not even in the case it would cost us almost
nothing?

                                                          Michal Kubeček

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Thorsten Kukuk
In reply to this post by Rüdiger Meier
On Tue, May 23, Ruediger Meier wrote:

> You forget about users or thirdparty software which is still using
> nobody for whatever reason. IMO it makes no sense that openSUSE is the
> only existing Linux distro which does not provide "nobody/nogroup

"nogroup" is a special SUSE hack not existing on most other Linux distributions.
It was an ugly workaround over 18 years ago for a typo in /etc/group.

Else: why do you think that we do not provide "nobody"? It's still there
and installed by default, at least if you use patterns and don't create
your own, minimal system somehow else.

> We will get bug reports for sure if we remove nobody. It doesn't hurt to
> keep it as it.

Nobody ever spoke about removing nobody.
 
> BTW "bin" and "daemon" are also missing.

No, they are there, too:
Requires:       system-group-hardware
Recommends:     system-group-trusted
Recommends:     system-group-wheel
Recommends:     system-user-bin
Recommends:     system-user-daemon
Requires:       system-user-nobody

Please, first check the code and complain only afterwards.

> They are even *required* by  LSB, while "nobody" is optional.
> http://refspecs.linuxbase.org/LSB_3.0.0/LSB-PDA/LSB-PDA/usernames.html

LSB 3.0 is from 2005 and outdated since 9 years.

LSB itself is dead. You are not even able do download the code anymore
and meanwhile even the certificates did expire.

  Thorsten

--
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & CaaSP
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg)
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Thorsten Kukuk
In reply to this post by Rüdiger Meier
On Wed, May 24, Ruediger Meier wrote:

> However it's just annoying that we have to do that and endusers of the
> distro also have to do that.

No enduser of the distro has to do that. Only package maintainers.

> So the goal to clean-up and well-define our system users leads to more
> randomization. I still see no benefit of not providing "daemon"
> and "nobody" always in opposite to basically any other existing Linux
> distro.

We do provide that. I have the impression that some people here only
complain without ever doing a fresh installation of Tumbleweed and
looking at, what end users are getting...

  Thorsten

--
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & CaaSP
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg)
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: no more nobody user on OBS?

Adrian Schröter
In reply to this post by Thorsten Kukuk
On Mittwoch, 24. Mai 2017, 10:26:09 CEST wrote Thorsten Kukuk:

> On Tue, May 23, Ruediger Meier wrote:
>
> > You forget about users or thirdparty software which is still using
> > nobody for whatever reason. IMO it makes no sense that openSUSE is the
> > only existing Linux distro which does not provide "nobody/nogroup
>
> "nogroup" is a special SUSE hack not existing on most other Linux distributions.
> It was an ugly workaround over 18 years ago for a typo in /etc/group.
>
> Else: why do you think that we do not provide "nobody"? It's still there
> and installed by default, at least if you use patterns and don't create
> your own, minimal system somehow else.
>
> > We will get bug reports for sure if we remove nobody. It doesn't hurt to
> > keep it as it.
>
> Nobody ever spoke about removing nobody.
>  
> > BTW "bin" and "daemon" are also missing.
>
> No, they are there, too:
> Requires:       system-group-hardware
> Recommends:     system-group-trusted
> Recommends:     system-group-wheel
> Recommends:     system-user-bin
> Recommends:     system-user-daemon
> Requires:       system-user-nobody
>
> Please, first check the code and complain only afterwards.

Recommends are not installed by default in build environement.
So they miss there by default

--

Adrian Schroeter
email: [hidden email]

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
 
Maxfeldstraße 5                        
90409 Nürnberg
Germany


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

12