From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6659376390151864320 X-Received: by 2002:a19:6454:: with SMTP id b20mr15582lfj.1.1551257170733; Wed, 27 Feb 2019 00:46:10 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a2e:4788:: with SMTP id u130ls94976lja.14.gmail; Wed, 27 Feb 2019 00:46:10 -0800 (PST) X-Google-Smtp-Source: AHgI3IafTgW3qvc1KtRDZZdCemK9SZsFbouBpjDSUKZTEK+numjU9emKyZV6EpS4f3Qi3sENrEtY X-Received: by 2002:a2e:9a0e:: with SMTP id o14mr81242lji.9.1551257170180; Wed, 27 Feb 2019 00:46:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551257170; cv=none; d=google.com; s=arc-20160816; b=Acxu/nMJ9/Aiwv4FZKYnxHvIOjZ/O948e0FjwjM4MexxKGMg42kLItVlOdfDZ5+ai8 o8S2Ynd6/dUCzAAXnEMWeFaYOoeVulUBsNChfso1scVazZAYAjNCjFs5OQicO3tiGSYL fjLu5gWKsRcnJn42660vnGnQEfSMjWjJm7bGg6LWV66eRxLHUr57/Fkq8Trm/gFvJW2r Y2usAzkSZP2AluX7z+v5UmmBI4VjizJNqEFdmsa05pKP6LNnHSHmzcGfjzYR3H7aOVZJ 4PtIaZkc9Qu009EtmRp7eKvkKEGvIRR52TpRS4pfSPoJRJKFKN2qJiwer0J9ZFfc9yWY j4/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date; bh=yAD6V7eSMFgpALekdmCsXCJxAT+XhT18OFMlUCihoXk=; b=TSlEvjvulN7k31XrFKaNXEdY5UH8iq8IpAYIrhv1c4gHB1QsFgaqFGTQwP/ukUKVOW mFB1UWfQCjddEwXv+5RvmTwcwXHr9Byyw2IzS3V45llbdqsfen6WN0hXdaWS4sxY5S+1 txzkwYqt8ewF3tm8X7bFmJvfqosLgSOIIio9U6nJuWjc220p0FXd8k63RXuHSNa6Qwls 68gb/JX5I6NYRWc/zOyPa9SaUZCLVn9sfg4Bxt8a+3f3PXYbYzhRspCDe+9g6xswDF4n PAykAV7VpqQ+E4YWFIWA9/BGuQJfLm5fJFU8FXgTWsiI/0fJaanymtWPKst+2xmpkBIt bwNw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Return-Path: Received: from david.siemens.de (david.siemens.de. [192.35.17.14]) by gmr-mx.google.com with ESMTPS id k13si521676lja.5.2019.02.27.00.46.10 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 27 Feb 2019 00:46:10 -0800 (PST) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id x1R8k8BO007907 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 27 Feb 2019 09:46:09 +0100 Received: from md1za8fc.ad001.siemens.net ([139.25.69.171]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id x1R8k6hZ007486; Wed, 27 Feb 2019 09:46:06 +0100 Date: Wed, 27 Feb 2019 09:46:05 +0100 From: Henning Schild To: Jan Kiszka Cc: "[ext] Adler, Michael" , "isar-users@googlegroups.com" , "claudius.heine.ext@siemens.com" , "Claudius Heine" Subject: Re: [PATCH] added 'isar-cfg-userpw' package Message-ID: <20190227094605.10a419b2@md1za8fc.ad001.siemens.net> In-Reply-To: References: <20190218162113.8538-1-claudius.heine.ext@siemens.com> <20190225101852.6m6uqbaq24upaovp@demogorgon> <20190225113406.373e0ae9@md1za8fc.ad001.siemens.net> <1577ed53-0452-9b44-d107-ad13f7240e37@siemens.com> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-TUID: WnQ5DS01/yMd On Tue, 26 Feb 2019 20:47:25 +0100 Jan Kiszka wrote: > On 26.02.19 20:36, [ext] Jan Kiszka wrote: > > On 25.02.19 11:34, [ext] Henning Schild wrote: > >> Hi, > >> > >> this is not related to the package. But to any package that goes > >> through common.sh and checks the ids. > >> > >> https://groups.google.com/forum/#!searchin/isar-users/Align$20UID$20and$20GID$20%7Csort:date/isar-users/S5W8D3X4Lkg/n7HbASWnAwAJ > >> > >> > >> The result of this discussion was that we probably need to align > >> the ids and hope we never get in trouble with the host. In this > >> case we do! > >> > >> The alignment should be changed. If the group does exist (100) > >> join the user and do not try and create a group. The check should > >> be changed to make sure the gid is the main group gid, instead of > >> 1000. > > > > FWIW, just ran into the same issue after purging my build folder > > and retrying a clean "kas-docker --isar build". I'm not seeing it > > with jailhouse-images where we do not use kas-docker yet and also > > do not create the build folder outside of the container, thus with > > host IDs. > > > > So, this needs to be fixed in our kas-isar container, I suppose... > > No, the bug is really in common.sh, the container is fine: > > That script checks for group names, which is probably pointless. In > this case, we are in the right group, that group just has an alias > called "builder", but was originally called "users". > > Why the heck should we check the group? Because that is the most conservative we can get to check the complete file ownership. I guess we should keep checking the group but just make sure the the current gid is the gid of the user. - [ "$(id -gn)" != "builder" ] + [ "$(id -g)" != "$(id -g builder)" ... same for root. Henning > Jan >