* [Buildroot] [PATCH 1/1] treewide: replace nogroup with nobody @ 2020-07-17 10:20 Norbert Lange 2020-07-17 20:20 ` Yann E. MORIN 0 siblings, 1 reply; 3+ messages in thread From: Norbert Lange @ 2020-07-17 10:20 UTC (permalink / raw) To: buildroot Use the recommended groupname for user nobody. One practical issue is that systemd-sysusers will otherwise create a nobody group with gid 999. Quote: "If the username exists on a system,then they should be in the suggested corresponding group". https://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/usernames.html Signed-off-by: Norbert Lange <nolange79@gmail.com> --- package/boa/boa.conf | 18 +++++++++--------- package/mosquitto/mosquitto.mk | 2 +- package/oracle-mysql/oracle-mysql.mk | 2 +- package/systemd/systemd.mk | 1 - system/skeleton/etc/group | 2 +- 5 files changed, 12 insertions(+), 13 deletions(-) diff --git a/package/boa/boa.conf b/package/boa/boa.conf index e94029665f..03630c0f9a 100644 --- a/package/boa/boa.conf +++ b/package/boa/boa.conf @@ -7,7 +7,7 @@ # generated parser. If it reports an error, the line number will be # provided; it should be easy to spot. The syntax of each of these # rules is very simple, and they can occur in any order. Where possible -# these directives mimic those of NCSA httpd 1.3; I saw no reason to +# these directives mimic those of NCSA httpd 1.3; I saw no reason to # introduce gratuitous differences. # $Id: boa.conf,v 1.1 2004/10/09 02:48:37 andersen Exp $ @@ -46,7 +46,7 @@ Port 80 # Group: The group name or GID the server should run as. User nobody -Group nogroup +Group nobody # ServerAdmin: The email address where server problems should be sent. # Note: this is not currently used, except as an environment variable 
@@ -68,7 +68,7 @@ ErrorLog /var/log/boa/error_log # AccessLog: The location of the access log file. If this does not # start with /, it is considered relative to the server root. -# Comment out or set to /dev/null (less effective) to disable +# Comment out or set to /dev/null (less effective) to disable # Access logging. AccessLog /var/log/boa/access_log @@ -78,7 +78,7 @@ AccessLog /var/log/boa/access_log # process if the receiving end of a pipe stops reading." #AccessLog "|/usr/sbin/cronolog --symlink=/var/log/boa/access_log /var/log/boa/access-%Y%m%d.log" -# UseLocaltime: Logical switch. Uncomment to use localtime +# UseLocaltime: Logical switch. Uncomment to use localtime # instead of UTC time #UseLocaltime @@ -88,8 +88,8 @@ AccessLog /var/log/boa/access_log #VerboseCGILogs -# ServerName: the name of this server that should be sent back to -# clients if different than that returned by gethostname + gethostbyname +# ServerName: the name of this server that should be sent back to +# clients if different than that returned by gethostname + gethostbyname #ServerName www.your.org.here @@ -103,7 +103,7 @@ AccessLog /var/log/boa/access_log # output rules, it prepends the interface number to each access_log line. # You are expected to fix that problem with a postprocessing script. -#VirtualHost +#VirtualHost # DocumentRoot: The root directory of the HTML documents. # Comment out to disable server non user files. 
@@ -131,9 +131,9 @@ DirectoryMaker /usr/lib/boa/boa_indexer # DirectoryCache: If DirectoryIndex doesn't exist, and DirectoryMaker # has been commented out, the the on-the-fly indexing of Boa can be used -# to generate indexes of directories. Be warned that the output is +# to generate indexes of directories. Be warned that the output is # extremely minimal and can cause delays when slow disks are used. -# Note: The DirectoryCache must be writable by the same user/group that +# Note: The DirectoryCache must be writable by the same user/group that # Boa runs as. # DirectoryCache /var/spool/boa/dircache diff --git a/package/mosquitto/mosquitto.mk b/package/mosquitto/mosquitto.mk index 2a9b504eb8..cdd515e1a4 100644 --- a/package/mosquitto/mosquitto.mk +++ b/package/mosquitto/mosquitto.mk @@ -114,7 +114,7 @@ define MOSQUITTO_INSTALL_INIT_SYSTEMD endef define MOSQUITTO_USERS - mosquitto -1 nogroup -1 * - - - Mosquitto user + mosquitto -1 nobody -1 * - - - Mosquitto user endef endif diff --git a/package/oracle-mysql/oracle-mysql.mk b/package/oracle-mysql/oracle-mysql.mk index 1449c58e41..ccfa40cfb1 100644 --- a/package/oracle-mysql/oracle-mysql.mk +++ b/package/oracle-mysql/oracle-mysql.mk @@ -102,7 +102,7 @@ ORACLE_MYSQL_CONF_OPTS += --without-debug endif define ORACLE_MYSQL_USERS - mysql -1 nogroup -1 * /var/mysql - - MySQL daemon + mysql -1 nobody -1 * /var/mysql - - MySQL daemon endef define ORACLE_MYSQL_ADD_FOLDER diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk index 88adf1941c..ddcf7d0cc0 100644 --- a/package/systemd/systemd.mk +++ b/package/systemd/systemd.mk @@ -45,7 +45,6 @@ SYSTEMD_CONF_OPTS += \ -Dloadkeys-path=/usr/bin/loadkeys \ -Dsetfont-path=/usr/bin/setfont \ -Dtelinit-path=/sbin/telinit \ - -Dnobody-group=nogroup \ -Didn=true \ -Dnss-systemd=true \ -Dportabled=false diff --git a/system/skeleton/etc/group b/system/skeleton/etc/group index 76346b35f2..6822a277bf 100644 --- a/system/skeleton/etc/group +++ b/system/skeleton/etc/group 
@@ -23,4 +23,4 @@ staff:x:50: lock:x:54: netdev:x:82: users:x:100: -nogroup:x:65534: +nobody:x:65534: -- 2.27.0 ^ permalink raw reply related [flat|nested] 3+ messages in thread
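Review bot: In package/boa/boa.conf only the `Group nobody` line in the @@ -46,7 hunk belongs to this change; the other six hunks (@@ -7,7, -68,7, -78,7, -88,8, -103,7 and -131,9) touch comment lines whose removed and added text read the same apart from whitespace. Drop them, or send them as a separate cleanup patch, so the rename itself is easy to audit and blame on those comments stays untouched.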
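Review bot: `MOSQUITTO_USERS` and `ORACLE_MYSQL_USERS` keep both daemons in one shared catch-all group, now `nobody`, which is also the group the boa config in this patch runs as. Consider giving each daemon its own group in these tables (for example `mosquitto -1 mosquitto -1 ...`), so that group-readable or group-writable files of one service are not reachable from the others.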
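Review bot: Dropping `-Dnobody-group=nogroup` from `SYSTEMD_CONF_OPTS` in package/systemd/systemd.mk leaves the group name to systemd's build-time default, which neither the hunk nor the commit message states. Either say in the commit message that the default is `nobody`, or pass `-Dnobody-group=nobody` explicitly so the value stays pinned to the `nobody:x:65534:` entry in system/skeleton/etc/group across systemd version bumps.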
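Review bot: In system/skeleton/etc/group the entry is renamed in place, so the name `nogroup` no longer resolves on the target. The diffstat shows only boa, mosquitto, oracle-mysql and systemd being adjusted; please confirm with a tree-wide search that no other package, init script or permission table still refers to `nogroup`, and note in the commit message that external trees and rootfs overlays using that name need updating.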
* [Buildroot] [PATCH 1/1] treewide: replace nogroup with nobody
From: Yann E. MORIN @ 2020-07-17 20:20 UTC
To: buildroot

Norbert, All,

On 2020-07-17 12:20 +0200, Norbert Lange spake thusly:
> Use the recommended groupname for user nobody. One practical
> issue is that systemd-sysusers will otherwise create a
> nobody group with gid 999.
>
> Quote: "If the username exists on a system,then they should
> be in the suggested corresponding group".
>
> https://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/usernames.html

Note the phrasing, which states 'should' and 'suggested', in that they
are not mandatory. And indeed, I'm looking at Ubuntu 19.10 here, which
has a 'nogroup' group, and no 'nobody' group.

It is however to be noted that, initially, only the 'nobody' group did
exist (commit 339f2f492e, 2001-12-22), and subsequently removed soon
afterwards (commit 08782ae7d8, 2002-04-26), to be then reintroduced
again a while later (commit 3ed6fb0af3, 2005-08-07).

And then oh-so-shortly afterwards, the 'nogroup' group makes its grand
appearance (commit 3c31be684d, 2005-08-09), on the excuse to make LTP
happy.

However, nowadays, LTP does check preferentially for 'nobody', and falls
back on 'nogroup', with this comment (in IDcheck.sh):

    # nobody is a standard group on all distros, apart from debian based ones;
    # let's account for the fact that they use the nogroup group instead.

So, indeed, switching to using 'nobody' makes sense, and would not make
LTP less happy.

As for the numbering, I seemed to recall some specificities of 65534, and
indeed I found commit 9c67af2c52, 2019-08-25, that switched 'nogroup'
from 99 to 65534, so we're clean there too.

And for the records, I was the one to drop the 'nobody' group 7 years
ago now, in commit 908198e756, stating "Anyway, the user 'nobody'
belongs to the group 'nogroup' in any sane distribution." Damn. ;-]

Nits, below...
> Signed-off-by: Norbert Lange <nolange79@gmail.com> > --- > package/boa/boa.conf | 18 +++++++++--------- > package/mosquitto/mosquitto.mk | 2 +- > package/oracle-mysql/oracle-mysql.mk | 2 +- > package/systemd/systemd.mk | 1 - > system/skeleton/etc/group | 2 +- > 5 files changed, 12 insertions(+), 13 deletions(-) > > diff --git a/package/boa/boa.conf b/package/boa/boa.conf > index e94029665f..03630c0f9a 100644 > --- a/package/boa/boa.conf > +++ b/package/boa/boa.conf > @@ -7,7 +7,7 @@ > # generated parser. If it reports an error, the line number will be > # provided; it should be easy to spot. The syntax of each of these > # rules is very simple, and they can occur in any order. Where possible > -# these directives mimic those of NCSA httpd 1.3; I saw no reason to > +# these directives mimic those of NCSA httpd 1.3; I saw no reason to Lots of spurious changes (removal of trailing spaces), should not be in that patch. Regards, Yann E. MORIN. > # introduce gratuitous differences. > > # $Id: boa.conf,v 1.1 2004/10/09 02:48:37 andersen Exp $ > @@ -46,7 +46,7 @@ Port 80 > # Group: The group name or GID the server should run as. > > User nobody > -Group nogroup > +Group nobody > > # ServerAdmin: The email address where server problems should be sent. > # Note: this is not currently used, except as an environment variable > @@ -68,7 +68,7 @@ ErrorLog /var/log/boa/error_log > > # AccessLog: The location of the access log file. If this does not > # start with /, it is considered relative to the server root. > -# Comment out or set to /dev/null (less effective) to disable > +# Comment out or set to /dev/null (less effective) to disable > # Access logging. > > AccessLog /var/log/boa/access_log 
> @@ -78,7 +78,7 @@ AccessLog /var/log/boa/access_log > # process if the receiving end of a pipe stops reading." > #AccessLog "|/usr/sbin/cronolog --symlink=/var/log/boa/access_log /var/log/boa/access-%Y%m%d.log" > > -# UseLocaltime: Logical switch. Uncomment to use localtime > +# UseLocaltime: Logical switch. Uncomment to use localtime > # instead of UTC time > #UseLocaltime > > @@ -88,8 +88,8 @@ AccessLog /var/log/boa/access_log > > #VerboseCGILogs > > -# ServerName: the name of this server that should be sent back to > -# clients if different than that returned by gethostname + gethostbyname > +# ServerName: the name of this server that should be sent back to > +# clients if different than that returned by gethostname + gethostbyname > > #ServerName www.your.org.here > > @@ -103,7 +103,7 @@ AccessLog /var/log/boa/access_log > # output rules, it prepends the interface number to each access_log line. > # You are expected to fix that problem with a postprocessing script. > > -#VirtualHost > +#VirtualHost > > # DocumentRoot: The root directory of the HTML documents. > # Comment out to disable server non user files. > @@ -131,9 +131,9 @@ DirectoryMaker /usr/lib/boa/boa_indexer > > # DirectoryCache: If DirectoryIndex doesn't exist, and DirectoryMaker > # has been commented out, the the on-the-fly indexing of Boa can be used > -# to generate indexes of directories. Be warned that the output is > +# to generate indexes of directories. Be warned that the output is > # extremely minimal and can cause delays when slow disks are used. > -# Note: The DirectoryCache must be writable by the same user/group that > +# Note: The DirectoryCache must be writable by the same user/group that > # Boa runs as. > > # DirectoryCache /var/spool/boa/dircache > diff --git a/package/mosquitto/mosquitto.mk b/package/mosquitto/mosquitto.mk > index 2a9b504eb8..cdd515e1a4 100644 > --- a/package/mosquitto/mosquitto.mk > +++ b/package/mosquitto/mosquitto.mk 
> @@ -114,7 +114,7 @@ define MOSQUITTO_INSTALL_INIT_SYSTEMD > endef > > define MOSQUITTO_USERS > - mosquitto -1 nogroup -1 * - - - Mosquitto user > + mosquitto -1 nobody -1 * - - - Mosquitto user > endef > endif > > diff --git a/package/oracle-mysql/oracle-mysql.mk b/package/oracle-mysql/oracle-mysql.mk > index 1449c58e41..ccfa40cfb1 100644 > --- a/package/oracle-mysql/oracle-mysql.mk > +++ b/package/oracle-mysql/oracle-mysql.mk > @@ -102,7 +102,7 @@ ORACLE_MYSQL_CONF_OPTS += --without-debug > endif > > define ORACLE_MYSQL_USERS > - mysql -1 nogroup -1 * /var/mysql - - MySQL daemon > + mysql -1 nobody -1 * /var/mysql - - MySQL daemon > endef > > define ORACLE_MYSQL_ADD_FOLDER > diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk > index 88adf1941c..ddcf7d0cc0 100644 > --- a/package/systemd/systemd.mk > +++ b/package/systemd/systemd.mk > @@ -45,7 +45,6 @@ SYSTEMD_CONF_OPTS += \ > -Dloadkeys-path=/usr/bin/loadkeys \ > -Dsetfont-path=/usr/bin/setfont \ > -Dtelinit-path=/sbin/telinit \ > - -Dnobody-group=nogroup \ > -Didn=true \ > -Dnss-systemd=true \ > -Dportabled=false > diff --git a/system/skeleton/etc/group b/system/skeleton/etc/group > index 76346b35f2..6822a277bf 100644 > --- a/system/skeleton/etc/group > +++ b/system/skeleton/etc/group > @@ -23,4 +23,4 @@ staff:x:50: > lock:x:54: > netdev:x:82: > users:x:100: > -nogroup:x:65534: > +nobody:x:65534: > -- > 2.27.0 > -- .-----------------.--------------------.------------------.--------------------. | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | '------------------------------^-------^------------------^--------------------' ^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] treewide: replace nogroup with nobody
From: Norbert Lange @ 2020-07-17 20:53 UTC
To: buildroot

On Fri, 17 July 2020 at 22:20, Yann E. MORIN <yann.morin.1998@free.fr> wrote:
>
> Norbert, All,
>
> On 2020-07-17 12:20 +0200, Norbert Lange spake thusly:
> > Use the recommended groupname for user nobody. One practical
> > issue is that systemd-sysusers will otherwise create a
> > nobody group with gid 999.
> >
> > Quote: "If the username exists on a system,then they should
> > be in the suggested corresponding group".
> >
> > https://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/usernames.html
>
> Note the phrasing, which states 'should' and 'suggested', in that they
> are not mandatory. And indeed, I'm looking at Ubuntu 19.10 here, which
> has a 'nogroup' group, and no 'nobody' group.

Debian (and in effect its siblings) don't follow the LSB at all, so you are correct,
but using Ubuntu as example doesn't count.

>
> It is however to be noted that, initially, only the 'nobody' group did
> exist (commit 339f2f492e, 2001-12-22), and subsequently removed soon
> afterwards (commit 08782ae7d8, 2002-04-26), to be then reintroduced
> again a while later (commit 3ed6fb0af3, 2005-08-07).
>
> And then oh-so-shortly afterwards, the 'nogroup' group makes its grand
> appearance (commit 3c31be684d, 2005-08-09), on the excuse to make LTP
> happy.
>
> However, nowadays, LTP does check preferentially for 'nobody', and falls
> back on 'nogroup', with this comment (in IDcheck.sh):
>
> # nobody is a standard group on all distros, apart from debian based ones;
> # let's account for the fact that they use the nogroup group instead.
>
> So, indeed, switching to using 'nobody' makes sense, and would not make
> LTP less happy.

If necessary, a 'nogroup' could be added as well (with a different gid),
let's hope that's not necessary.
>
> As for the numbering, I seemed to recall some specificities of 65534, and
> indeed I found commit 9c67af2c52, 2019-08-25, that switched 'nogroup'
> from 99 to 65534, so we're clean there too.

65534 seems to get special treatment in the kernel ("overflow uid").

>
> And for the records, I was the one to drop the 'nobody' group 7 years
> ago now, in commit 908198e756, stating "Anyway, the user 'nobody'
> belongs to the group 'nogroup' in any sane distribution." Damn. ;-]

I'll be cautious to add such a statement in the commit logs, thanks for the warning ;)

>
> Nits, below...
>
> > Signed-off-by: Norbert Lange <nolange79@gmail.com> > > --- > > package/boa/boa.conf | 18 +++++++++--------- > > package/mosquitto/mosquitto.mk | 2 +- > > package/oracle-mysql/oracle-mysql.mk | 2 +- > > package/systemd/systemd.mk | 1 - > > system/skeleton/etc/group | 2 +- > > 5 files changed, 12 insertions(+), 13 deletions(-) > > > > diff --git a/package/boa/boa.conf b/package/boa/boa.conf > > index e94029665f..03630c0f9a 100644 > > --- a/package/boa/boa.conf > > +++ b/package/boa/boa.conf > > @@ -7,7 +7,7 @@ > > # generated parser. If it reports an error, the line number will be > > # provided; it should be easy to spot. The syntax of each of these > > # rules is very simple, and they can occur in any order. Where possible > > -# these directives mimic those of NCSA httpd 1.3; I saw no reason to > > +# these directives mimic those of NCSA httpd 1.3; I saw no reason to
>
> Lots of spurious changes (removal of trailing spaces), should not be in
> that patch.
>
> Regards,
> Yann E. MORIN.

Don't want my name showing up everywhere with a 'git blame', gonna do a V2 shortly.

Norbert
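The mismatch this thread deals with (user nobody whose gid 65534 is named nogroup, with a second nobody group appearing on gid 999) can be checked for in a generated root filesystem. The script below is an added example, not part of the thread or of Buildroot; `check_nobody`, `make_sample` and the two sample trees are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Buildroot code): audit a generated rootfs for the
# nobody/nogroup mismatch discussed in this thread.
# check_nobody, make_sample and the sample trees are constructed names/data.

NOBODY_ID=65534   # gid the patch gives the group in system/skeleton/etc/group

# check_nobody ROOTFS: print findings; return 0 only when consistent.
check_nobody() {
    root=$1
    rc=0
    # Primary gid of user "nobody" is the 4th passwd field.
    gid=$(awk -F: '$1 == "nobody" { print $4; exit }' "$root/etc/passwd")
    if [ -z "$gid" ]; then
        echo "no 'nobody' user in $root/etc/passwd"
        return 1
    fi
    if [ "$gid" != "$NOBODY_ID" ]; then
        echo "user nobody has primary gid $gid, expected $NOBODY_ID"
        rc=1
    fi
    # Name of the group that owns that gid.
    gname=$(awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$root/etc/group")
    if [ "$gname" != "nobody" ]; then
        echo "gid $gid is named '${gname:-<missing>}', not 'nobody'"
        rc=1
    fi
    # A "nobody" group on another gid is the leftover the commit message
    # attributes to systemd-sysusers (gid 999 in the thread).
    dup=$(awk -F: -v g="$gid" '$1 == "nobody" && $3 != g { print $3; exit }' \
        "$root/etc/group")
    if [ -n "$dup" ]; then
        echo "extra group 'nobody' with gid $dup"
        rc=1
    fi
    return "$rc"
}

# make_sample DIR GROUP_LINE...: write a constructed etc/passwd and etc/group.
make_sample() {
    d=$1; shift
    mkdir -p "$d/etc"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'nobody:x:65534:65534:nobody:/home:/bin/false' > "$d/etc/passwd"
    printf '%s\n' 'root:x:0:' "$@" > "$d/etc/group"
}

tmp=$(mktemp -d)
make_sample "$tmp/before" 'nogroup:x:65534:' 'nobody:x:999:'
make_sample "$tmp/after" 'nobody:x:65534:'
check_nobody "$tmp/before" || echo "before: inconsistent"
check_nobody "$tmp/after" && echo "after: consistent"
rm -rf "$tmp"
```

A Buildroot post-build script receives the target directory as its first argument, so `check_nobody "$1"` fits there.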