From: Norbert Lange <nolange79@gmail.com>
To: buildroot@buildroot.org
Cc: Norbert Lange <nolange79@gmail.com>
Subject: [Buildroot] [PATCH 1/2] support/scripts/mkusers: allow option for system uid/gid
Date: Fri, 14 Jan 2022 11:12:45 +0100 [thread overview]
Message-ID: <20220114101247.342256-1-nolange79@gmail.com> (raw)
Some software decides based on uid/gid whether a user is a
system or normal/human user, with different behaviour for those
flavors (example journald [2]).
So adding logic to create system-users is necessary, we take
the now common ranges from [1].
This extends the mkusers script to allow -2 for uid/gid,
this argument will take an identifier from the system range.
System/user ranges are added as variables, and the argument
for user/system uid was added as variable as well.
Thus some magic constants could be removed, some further
occurrences of -1 were replaced with equivalent logic.
[1] - https://systemd.io/UIDS-GIDS/
[2] - https://www.freedesktop.org/software/systemd/man/journald.conf.html
Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
support/scripts/mkusers | 57 +++++++++++++++++++++++++++++------------
1 file changed, 40 insertions(+), 17 deletions(-)
diff --git a/support/scripts/mkusers b/support/scripts/mkusers
index d00ba33823..9d8295e8a3 100755
--- a/support/scripts/mkusers
+++ b/support/scripts/mkusers
@@ -8,6 +8,15 @@ MIN_UID=1000
MAX_UID=1999
MIN_GID=1000
MAX_GID=1999
+# use names from /etc/adduser.conf
+FIRST_SYSTEM_UID=100
+LAST_SYSTEM_UID=999
+FIRST_SYSTEM_GID=100
+LAST_SYSTEM_GID=999
+# argument to automatically crease system/user id
+AUTO_SYSTEM_ID=-2
+AUTO_USER_ID=-1
+
# No more is configurable below this point
#----------------------------------------------------------------------------
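Review bot: The comment above `AUTO_SYSTEM_ID` has a typo (`crease`) and does not say where the two sentinel values are used. Something like `# uid/gid values in the users table that request automatic allocation: -2 from the system range, -1 from the user range` would document the contract for people writing user tables. The comment `# use names from /etc/adduser.conf` could also say that the numeric ranges follow the systemd UID/GID document cited in the commit message.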
@@ -136,9 +145,9 @@ check_user_validity() {
fail "invalid username '%s\n'" "${username}"
fi
- if [ ${gid} -lt -1 -o ${gid} -eq 0 ]; then
+ if [ ${gid} -lt -2 -o ${gid} -eq 0 ]; then
fail "invalid gid '%d' for '%s'\n" ${gid} "${username}"
- elif [ ${gid} -ne -1 ]; then
+ elif [ ${gid} -ge 0 ]; then
# check the gid is not already used for another group
if [ -n "${_group}" -a "${_group}" != "${group}" ]; then
fail "gid '%d' for '%s' is already used by group '%s'\n" \
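Review bot: The lower bound in the gid check is still the literal `-2`, although this patch introduces `AUTO_SYSTEM_ID` for exactly that value; the uid check in the next hunk has the same literal. Writing `if [ ${gid} -lt ${AUTO_SYSTEM_ID} -o ${gid} -eq 0 ]; then` keeps the validity check and the allocation code tied to one definition, so a later change of the sentinel cannot leave the check accepting a value the allocator does not recognise. `check_user_validity` starts and ends outside this hunk.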
@@ -162,9 +171,9 @@ check_user_validity() {
fi
fi
- if [ ${uid} -lt -1 -o ${uid} -eq 0 ]; then
+ if [ ${uid} -lt -2 -o ${uid} -eq 0 ]; then
fail "invalid uid '%d' for '%s'\n" ${uid} "${username}"
- elif [ ${uid} -ne -1 ]; then
+ elif [ ${uid} -ge 0 ]; then
# check the uid is not already used for another user
if [ -n "${_username}" -a "${_username}" != "${username}" ]; then
fail "uid '%d' for '%s' already used by user '%s'\n" \
@@ -198,16 +207,18 @@ check_user_validity() {
# - not already used by a group
generate_gid() {
local group="${1}"
+ local mingid="${2:-$MIN_UID}"
+ local maxgid="${3:-$MAX_UID}"
local gid
gid="$( get_gid "${group}" )"
if [ -z "${gid}" ]; then
- for(( gid=MIN_GID; gid<=MAX_GID; gid++ )); do
+ for(( gid=mingid; gid<=maxgid; gid++ )); do
if [ -z "$( get_group "${gid}" )" ]; then
break
fi
done
- if [ ${gid} -gt ${MAX_GID} ]; then
+ if [ ${gid} -gt ${maxgid} ]; then
fail "can not allocate a GID for group '%s'\n" "${group}"
fi
fi
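Review bot: The defaults for the new `mingid`/`maxgid` locals in `generate_gid` are taken from `MIN_UID`/`MAX_UID` rather than `MIN_GID`/`MAX_GID`, so an automatic group id is drawn from the uid range whenever the two ranges are configured differently. The values match today (1000 to 1999 at the top of the file), which hides the slip. Use `local mingid="${2:-$MIN_GID}"` and `local maxgid="${3:-$MAX_GID}"`. The function's header comment starts outside this hunk and should also mention the optional range arguments.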
@@ -222,8 +233,12 @@ add_one_group() {
local members
# Generate a new GID if needed
- if [ ${gid} -eq -1 ]; then
- gid="$( generate_gid "${group}" )"
+ if [ ${gid} -lt 0 ]; then
+ if [ ${gid} -eq ${AUTO_USER_ID} ]; then
+ gid="$( generate_gid "${group}" )"
+ else
+ gid="$( generate_gid "${group}" $FIRST_SYSTEM_GID $LAST_SYSTEM_GID )"
+ fi
fi
members=$(get_members "$group")
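Review bot: The `else` branch in `add_one_group` sends every negative gid other than `AUTO_USER_ID` to the system range, so a value such as -3 would silently receive a system gid if it reached this function unvalidated. The same shape is added in `add_one_user`, where `check_user_validity` runs first; whether every caller of `add_one_group` validates beforehand is not visible from this hunk. Matching the sentinel explicitly makes a bad table entry fail instead of getting an id that other software treats as a system account: `elif [ ${gid} -eq ${AUTO_SYSTEM_ID} ]; then`, followed by an `else` that calls `fail`.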
@@ -247,16 +262,19 @@ add_one_group() {
# - not already used by a user
generate_uid() {
local username="${1}"
+ local minuid="${2:-$MIN_UID}"
+ local maxuid="${3:-$MAX_UID}"
+
local uid
uid="$( get_uid "${username}" )"
if [ -z "${uid}" ]; then
- for(( uid=MIN_UID; uid<=MAX_UID; uid++ )); do
+ for(( uid=minuid; uid<=maxuid; uid++ )); do
if [ -z "$( get_username "${uid}" )" ]; then
break
fi
done
- if [ ${uid} -gt ${MAX_UID} ]; then
+ if [ ${uid} -gt ${maxuid} ]; then
fail "can not allocate a UID for user '%s'\n" "${username}"
fi
fi
@@ -307,8 +325,13 @@ add_one_user() {
check_user_validity "${username}" "${uid}" "${group}" "${gid}"
# Generate a new UID if needed
- if [ ${uid} -eq -1 ]; then
- uid="$( generate_uid "${username}" )"
+ if [ ${uid} -lt 0 ]; then
+ if [ ${uid} -eq ${AUTO_USER_ID} ]; then
+ uid="$( generate_uid "${username}" )"
+ else
+ uid="$( generate_uid "${username}" $FIRST_SYSTEM_UID $LAST_SYSTEM_UID )"
+
+ fi
fi
# Remove any previous instance of this user
@@ -384,8 +407,8 @@ main() {
ENTRIES+=( "${line}" )
done < <( sed -r -e 's/#.*//; /^[[:space:]]*$/d;' "${USERS_TABLE}" )
- # We first create groups whose gid is not -1, and then we create groups
- # whose gid is -1 (automatic), so that, if a group is defined both with
+ # We first create groups whose gid is positive, and then we create groups
+ # whose gid is automatic, so that, if a group is defined both with
# a specified gid and an automatic gid, we ensure the specified gid is
# used, rather than a different automatic gid is computed.
@@ -399,7 +422,7 @@ main() {
# Then, create all the main groups which gid *is* automatic
for line in "${ENTRIES[@]}"; do
read username uid group gid passwd home shell groups comment <<<"${line}"
- [ ${gid} -eq -1 ] || continue # Non-automatic gid
+ [ ${gid} -lt 0 ] || continue # Non-automatic gid
add_one_group "${group}" "${gid}"
done
@@ -410,7 +433,7 @@ main() {
read username uid group gid passwd home shell groups comment <<<"${line}"
if [ "${groups}" != "-" ]; then
for g in ${groups//,/ }; do
- add_one_group "${g}" -1
+ add_one_group "${g}" ${AUTO_USER_ID}
done
fi
done
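Review bot: Supplementary groups are always created with `${AUTO_USER_ID}`, so the extra groups of an account that asked for a system id (-2) still get gids from the 1000 to 1999 user range. If those groups are meant to follow the account's flavour, the loop has to choose the sentinel from the entry, for example passing `${AUTO_SYSTEM_ID}` when `${uid}` equals it. If the user range is intentional, a one-line comment saying so would prevent the question from coming up again. The loop sits inside `main`, which starts and ends outside this hunk.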
@@ -433,7 +456,7 @@ main() {
for line in "${ENTRIES[@]}"; do
read username uid group gid passwd home shell groups comment <<<"${line}"
[ "${username}" != "-" ] || continue # Magic string to skip user creation
- [ ${uid} -eq -1 ] || continue # Non-automatic uid
+ [ ${uid} -lt 0 ] || continue # Non-automatic uid
add_one_user "${username}" "${uid}" "${group}" "${gid}" "${passwd}" \
"${home}" "${shell}" "${groups}" "${comment}"
done
--
2.34.1