From: Norbert Lange <nolange79@gmail.com>
To: buildroot@buildroot.org
Cc: Norbert Lange <nolange79@gmail.com>
Subject: [Buildroot] [PATCH 1/2] support/scripts/mkusers: allow option for system uid/gid
Date: Fri, 14 Jan 2022 11:12:45 +0100 [thread overview]
Message-ID: <20220114101247.342256-1-nolange79@gmail.com> (raw)
Some software decides based on uid/gid whether a user is a
system or normal/human user, with different behaviour for those
flavors (example journald [2]).
So adding logic to create system-users is necessary, we take
the now common ranges from [1].
This extends the mkusers script to allow -2 for uid/gid,
this argument will take an identifier from the system range.
System/user ranges are added as variables, and the argument
for user/system uid was added as variable as well.
Thus some magic constants could be removed, some further
occurrences of -1 were replaced with equivalent logic.
[1] - https://systemd.io/UIDS-GIDS/
[2] - https://www.freedesktop.org/software/systemd/man/journald.conf.html
Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
support/scripts/mkusers | 57 +++++++++++++++++++++++++++++------------
1 file changed, 40 insertions(+), 17 deletions(-)
diff --git a/support/scripts/mkusers b/support/scripts/mkusers
index d00ba33823..9d8295e8a3 100755
--- a/support/scripts/mkusers
+++ b/support/scripts/mkusers
@@ -8,6 +8,15 @@ MIN_UID=1000
MAX_UID=1999
MIN_GID=1000
MAX_GID=1999
+# use names from /etc/adduser.conf
+FIRST_SYSTEM_UID=100
+LAST_SYSTEM_UID=999
+FIRST_SYSTEM_GID=100
+LAST_SYSTEM_GID=999
+# argument to automatically crease system/user id
+AUTO_SYSTEM_ID=-2
+AUTO_USER_ID=-1
+
# No more is configurable below this point
#----------------------------------------------------------------------------
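Review bot: The comment above `AUTO_SYSTEM_ID` has a typo ("crease") and does not say that the two values are sentinels read from the users table rather than real ids. Something like `# uid/gid values in the users table that request automatic allocation (system range / user range)` would make that explicit. Nothing in the added block states or checks that the system range ends below `MIN_UID`/`MIN_GID`. The commit message relies on that ordering for uid-based classification, so a one-line comment saying the ranges must not overlap would help whoever edits these numbers later.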
@@ -136,9 +145,9 @@ check_user_validity() {
fail "invalid username '%s\n'" "${username}"
fi
- if [ ${gid} -lt -1 -o ${gid} -eq 0 ]; then
+ if [ ${gid} -lt -2 -o ${gid} -eq 0 ]; then
fail "invalid gid '%d' for '%s'\n" ${gid} "${username}"
- elif [ ${gid} -ne -1 ]; then
+ elif [ ${gid} -ge 0 ]; then
# check the gid is not already used for another group
if [ -n "${_group}" -a "${_group}" != "${group}" ]; then
fail "gid '%d' for '%s' is already used by group '%s'\n" \
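Review bot: The new lower bound in the gid check is the literal `-2`, although this patch introduces `AUTO_SYSTEM_ID` for exactly that value. If the sentinel is ever changed in the configurable block, validation and allocation will disagree about which negative values are accepted. Consider `if [ "${gid}" -lt "${AUTO_SYSTEM_ID}" -o "${gid}" -eq 0 ]; then`. The uid check in the next hunk (`[ ${uid} -lt -2 -o ${uid} -eq 0 ]`) has the same hard-coded value. check_user_validity starts and ends outside these hunks.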
@@ -162,9 +171,9 @@ check_user_validity() {
fi
fi
- if [ ${uid} -lt -1 -o ${uid} -eq 0 ]; then
+ if [ ${uid} -lt -2 -o ${uid} -eq 0 ]; then
fail "invalid uid '%d' for '%s'\n" ${uid} "${username}"
- elif [ ${uid} -ne -1 ]; then
+ elif [ ${uid} -ge 0 ]; then
# check the uid is not already used for another user
if [ -n "${_username}" -a "${_username}" != "${username}" ]; then
fail "uid '%d' for '%s' already used by user '%s'\n" \
@@ -198,16 +207,18 @@ check_user_validity() {
# - not already used by a group
generate_gid() {
local group="${1}"
+ local mingid="${2:-$MIN_UID}"
+ local maxgid="${3:-$MAX_UID}"
local gid
gid="$( get_gid "${group}" )"
if [ -z "${gid}" ]; then
- for(( gid=MIN_GID; gid<=MAX_GID; gid++ )); do
+ for(( gid=mingid; gid<=maxgid; gid++ )); do
if [ -z "$( get_group "${gid}" )" ]; then
break
fi
done
- if [ ${gid} -gt ${MAX_GID} ]; then
+ if [ ${gid} -gt ${maxgid} ]; then
fail "can not allocate a GID for group '%s'\n" "${group}"
fi
fi
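Review bot: The defaults for the new range arguments in generate_gid fall back to `MIN_UID`/`MAX_UID` instead of the GID limits, which looks like a copy-paste slip from generate_uid. It is harmless today only because both pairs are 1000/1999. Once someone tunes `MIN_GID`/`MAX_GID` independently, automatic user-range groups will be allocated from the wrong range. The lines should read `local mingid="${2:-$MIN_GID}"` and `local maxgid="${3:-$MAX_GID}"`. The function body continues past the end of this hunk.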
@@ -222,8 +233,12 @@ add_one_group() {
local members
# Generate a new GID if needed
- if [ ${gid} -eq -1 ]; then
- gid="$( generate_gid "${group}" )"
+ if [ ${gid} -lt 0 ]; then
+ if [ ${gid} -eq ${AUTO_USER_ID} ]; then
+ gid="$( generate_gid "${group}" )"
+ else
+ gid="$( generate_gid "${group}" $FIRST_SYSTEM_GID $LAST_SYSTEM_GID )"
+ fi
fi
members=$(get_members "$group")
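Review bot: The `else` branch sends every negative gid other than `AUTO_USER_ID` to the system range, not just `AUTO_SYSTEM_ID`. Judging by the visible hunks, main calls add_one_group before add_one_user, which is where check_user_validity runs, so an out-of-range value such as -5 would probably be given a system gid before anything rejects it. Matching the sentinel explicitly is safer: `elif [ "${gid}" -eq "${AUTO_SYSTEM_ID}" ]; then` for the system case, followed by `else fail "invalid gid '%d' for group '%s'\n" "${gid}" "${group}"`. Quoting `$FIRST_SYSTEM_GID` and `$LAST_SYSTEM_GID` in the call would also match the rest of the script.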
@@ -247,16 +262,19 @@ add_one_group() {
# - not already used by a user
generate_uid() {
local username="${1}"
+ local minuid="${2:-$MIN_UID}"
+ local maxuid="${3:-$MAX_UID}"
+
local uid
uid="$( get_uid "${username}" )"
if [ -z "${uid}" ]; then
- for(( uid=MIN_UID; uid<=MAX_UID; uid++ )); do
+ for(( uid=minuid; uid<=maxuid; uid++ )); do
if [ -z "$( get_username "${uid}" )" ]; then
break
fi
done
- if [ ${uid} -gt ${MAX_UID} ]; then
+ if [ ${uid} -gt ${maxuid} ]; then
fail "can not allocate a UID for user '%s'\n" "${username}"
fi
fi
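Review bot: The requested range is only applied when `get_uid` returns nothing, so a user that already exists keeps its current uid even if it lies outside `minuid`..`maxuid`. An entry that asks for a system uid can therefore silently end up with a user-range one, which is exactly the distinction the commit message says consumers such as journald depend on. generate_gid behaves the same way. If this is intended, the header comment, of which only the last line is visible here, should say so and document the new optional `$2`/`$3`, for example `# - an existing uid for the user is returned unchanged, regardless of the requested range`. Otherwise, add a check that fails when the existing id is outside the requested range.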
@@ -307,8 +325,13 @@ add_one_user() {
check_user_validity "${username}" "${uid}" "${group}" "${gid}"
# Generate a new UID if needed
- if [ ${uid} -eq -1 ]; then
- uid="$( generate_uid "${username}" )"
+ if [ ${uid} -lt 0 ]; then
+ if [ ${uid} -eq ${AUTO_USER_ID} ]; then
+ uid="$( generate_uid "${username}" )"
+ else
+ uid="$( generate_uid "${username}" $FIRST_SYSTEM_UID $LAST_SYSTEM_UID )"
+
+ fi
fi
# Remove any previous instance of this user
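Review bot: The added `else` branch carries a stray empty `+` line before `fi`, and it passes `$FIRST_SYSTEM_UID $LAST_SYSTEM_UID` unquoted while the rest of the call is quoted. Both are style only. Here the catch-all `else` is safe because check_user_validity has already rejected anything below -2 on the line above. Writing it as `elif [ "${uid}" -eq "${AUTO_SYSTEM_ID}" ]; then` would still keep the two add_one_* functions symmetrical and self-explanatory. add_one_user starts and ends outside the hunk.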
@@ -384,8 +407,8 @@ main() {
ENTRIES+=( "${line}" )
done < <( sed -r -e 's/#.*//; /^[[:space:]]*$/d;' "${USERS_TABLE}" )
- # We first create groups whose gid is not -1, and then we create groups
- # whose gid is -1 (automatic), so that, if a group is defined both with
+ # We first create groups whose gid is positive, and then we create groups
+ # whose gid is automatic, so that, if a group is defined both with
# a specified gid and an automatic gid, we ensure the specified gid is
# used, rather than a different automatic gid is computed.
@@ -399,7 +422,7 @@ main() {
# Then, create all the main groups which gid *is* automatic
for line in "${ENTRIES[@]}"; do
read username uid group gid passwd home shell groups comment <<<"${line}"
- [ ${gid} -eq -1 ] || continue # Non-automatic gid
+ [ ${gid} -lt 0 ] || continue # Non-automatic gid
add_one_group "${group}" "${gid}"
done
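Review bot: The filter `[ ${gid} -lt 0 ] || continue` also skips the entry when the gid field is empty or not a number, because `[` then exits with status 2 and the `||` arm runs. If the preceding loop for explicit gids uses the same pattern, such a group is never created and the only trace is a `[` diagnostic on stderr. The uid filter in the last hunk (`[ ${uid} -lt 0 ] || continue`) behaves the same way, and there the entry never reaches check_user_validity. Quoting the variables and rejecting non-integer uid/gid once, right after the `read`, would turn a silently dropped account into a build failure. main starts and ends outside the hunk.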
@@ -410,7 +433,7 @@ main() {
read username uid group gid passwd home shell groups comment <<<"${line}"
if [ "${groups}" != "-" ]; then
for g in ${groups//,/ }; do
- add_one_group "${g}" -1
+ add_one_group "${g}" ${AUTO_USER_ID}
done
fi
done
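Review bot: Additional groups are always created with `${AUTO_USER_ID}`, so a group that appears only in the `groups` column gets a user-range gid even when the account that lists it is a system user. That may be deliberate for this patch, but it means the users table cannot place such a group in the system range without also declaring it as some entry's main group. Consider a comment on this line stating the choice, e.g. `# additional groups are always allocated from the user range`, or derive the sentinel from the entry's own uid.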
@@ -433,7 +456,7 @@ main() {
for line in "${ENTRIES[@]}"; do
read username uid group gid passwd home shell groups comment <<<"${line}"
[ "${username}" != "-" ] || continue # Magic string to skip user creation
- [ ${uid} -eq -1 ] || continue # Non-automatic uid
+ [ ${uid} -lt 0 ] || continue # Non-automatic uid
add_one_user "${username}" "${uid}" "${group}" "${gid}" "${passwd}" \
"${home}" "${shell}" "${groups}" "${comment}"
done
--
2.34.1