From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6622136737823981568 X-Received: by 2002:a1c:574e:: with SMTP id l75mr880921wmb.23.1542026021621; Mon, 12 Nov 2018 04:33:41 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a1c:1146:: with SMTP id 67-v6ls1908648wmr.27.canary-gmail; Mon, 12 Nov 2018 04:33:41 -0800 (PST) X-Google-Smtp-Source: AJdET5dpZkFLXX+iTKo4NxIbGLX8O289/7zj3Jl+ZXWvvcvgnvyknra63om8XUM0i6uSUr12Xu6r X-Received: by 2002:a1c:6703:: with SMTP id b3-v6mr2181598wmc.1.1542026021128; Mon, 12 Nov 2018 04:33:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542026021; cv=none; d=google.com; s=arc-20160816; b=hkuaOdac/7KN6rfhvSjZmwZCHUcZkhp15WGK0C/PSZ6cgwPwFrEs9wUfpx7K7lgHQE 0LZyLkyu2FxjaYASRZSYxXs3wZa+bJoM9Th5QkPG83gNhPhkbZAHOt/94buL6oCdr4n7 G+o6PwImQ8e4R4R1uMMd6mf/av84efwD57pb+s49hzZju4dpVBlUoj+nsq9ePXKqgQIH TYF+Ub86wAoG4TQdofgEogqfaoTtm+kxFWu85vVoDJwzRsV2DnjKIkDcPMCDwWmXBSBC p3aH68ISKyTEu9CELqSFArFMvpj52Q3RLlABGDLk96uuQLK+tiu7EY4Cu0wwk+us1+lp BUcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:references:cc:to:from:subject; bh=QBxIO3FRJH1UBe9a+ffMq4fnLxWexK13y8QPHvW0ysM=; b=Spt8Gr1+4MXcYiWdzYVWyg/DWDTWw77+Y+mOpqgqgZQHrJR6rR1q/mkP1OnE4ocUXa vhmpSeDhSFuZG6yvLnXt42nzp/czgj2A9Dl3sta0gYlldYqJ1wsb2IZk7Ze0rXZZ/6a5 2yvoNdJhJmLY+Kv2+SG8jvCPsf9kEm+d521dMqZeyL6YSuXzlehjdXFwk6lg4kGaDqPa lyW+KLB8blzAFjrAUFC4tqhflsPO+KlgXSbHb/x/yrlRbwK/ixrKRkhwY1CUz+R528xf 2eRA/TvM1E6kIxxVVTYXAjJ6vTpqXyD1TRqrnBwmYvri8cN6D8zHB3RYb6K2BR8wXwgI 0ZYA== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 194.138.37.39 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com Return-Path: Received: from lizzard.sbs.de (lizzard.sbs.de. [194.138.37.39]) by gmr-mx.google.com with ESMTPS id j187-v6si407365wmf.3.2018.11.12.04.33.41 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 12 Nov 2018 04:33:41 -0800 (PST) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 194.138.37.39 as permitted sender) client-ip=194.138.37.39; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 194.138.37.39 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by lizzard.sbs.de (8.15.2/8.15.2) with ESMTPS id wACCXdRn005834 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 12 Nov 2018 13:33:39 +0100 Received: from [167.87.36.55] ([167.87.36.55]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id wACCXdeT002128; Mon, 12 Nov 2018 13:33:40 +0100 Subject: Re: [PATCH] buildchroot: Align UID and GID of builder user with caller From: Jan Kiszka To: Henning Schild Cc: isar-users References: <0ec8a678-7297-4ad9-4a9b-49d87f504061@web.de> <20181112101648.051ce0ed@md1za8fc.ad001.siemens.net> <680671b8-2c63-3447-ca15-35431178b266@siemens.com> <20181112104255.464bdf54@md1za8fc.ad001.siemens.net> <7acfa387-b037-af81-82a3-748edd97c008@siemens.com> Message-ID: <11811e1f-a39d-0add-f8ad-209135da5436@siemens.com> Date: Mon, 12 Nov 2018 13:33:38 +0100 User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666 MIME-Version: 1.0 In-Reply-To: <7acfa387-b037-af81-82a3-748edd97c008@siemens.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-TUID: jSy/94+DvydC On 12.11.18 10:52, Jan Kiszka wrote: > On 12.11.18 10:42, Henning Schild wrote: >> Am Mon, 12 Nov 2018 10:19:54 +0100 >> schrieb Jan Kiszka : >> >>> On 12.11.18 10:16, [ext] Henning Schild wrote: >>>> I am afraid that this is not correct. The ids you are taking from >>>> the "host" might be taken inside the chroot. As a result creating >>>> the user/group would fail. Chances might be low ... This also >>>> assumes that >>> >>> Really? I thought that these commands are run very early during >>> bootstrap where there are no other users - if not, that would be a >>> bug. >> >> I think the only uid/gid you can really be sure about is 0. 1 could >> already be a regular user on the host, and 1 is "daemon" on a current >> debian ... probably there right after debootstrap. > > Let me check if we can move the ID assignment earlier, to reduce that risk. > The solution is probably much simpler: useradd -o ... Jan -- Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate Competence Center Embedded Linux