From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 50D80C4363A for ; Thu, 29 Oct 2020 16:15:20 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E810620825 for ; Thu, 29 Oct 2020 16:15:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726333AbgJ2QPT (ORCPT ); Thu, 29 Oct 2020 12:15:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53394 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726195AbgJ2QPS (ORCPT ); Thu, 29 Oct 2020 12:15:18 -0400 X-Greylist: delayed 611 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Thu, 29 Oct 2020 09:15:18 PDT Received: from gardel.0pointer.net (gardel.0pointer.net [IPv6:2a01:238:43ed:c300:10c3:bcf3:3266:da74]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A0BF6C0613CF; Thu, 29 Oct 2020 09:15:18 -0700 (PDT) Received: from gardel-login.0pointer.net (gardel.0pointer.net [85.214.157.71]) by gardel.0pointer.net (Postfix) with ESMTP id 8D3CAE80409; Thu, 29 Oct 2020 17:05:05 +0100 (CET) Received: by gardel-login.0pointer.net (Postfix, from userid 1000) id E22A4160834; Thu, 29 Oct 2020 17:05:03 +0100 (CET) Date: Thu, 29 Oct 2020 17:05:02 +0100 From: Lennart Poettering To: "Eric W. Biederman" Cc: Christian Brauner , Alexander Viro , Christoph Hellwig , linux-fsdevel@vger.kernel.org, John Johansen , James Morris , Mimi Zohar , Dmitry Kasatkin , Stephen Smalley , Casey Schaufler , Arnd Bergmann , Andreas Dilger , OGAWA Hirofumi , Geoffrey Thomas , Mrunal Patel , Josh Triplett , Andy Lutomirski , Amir Goldstein , Miklos Szeredi , Theodore Tso , Alban Crequy , Tycho Andersen , David Howells , James Bottomley , Jann Horn , Seth Forshee , =?iso-8859-1?Q?St=E9phane?= Graber , Aleksa Sarai , smbarber@chromium.org, Phil Estes , Serge Hallyn , Kees Cook , Todd Kjos , Jonathan Corbet , containers@lists.linux-foundation.org, linux-security-module@vger.kernel.org, linux-api@vger.kernel.org, linux-ext4@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-audit@redhat.com, linux-integrity@vger.kernel.org, selinux@vger.kernel.org Subject: Re: [PATCH 00/34] fs: idmapped mounts Message-ID: <20201029160502.GA333141@gardel-login> References: <20201029003252.2128653-1-christian.brauner@ubuntu.com> <87pn51ghju.fsf@x220.int.ebiederm.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87pn51ghju.fsf@x220.int.ebiederm.org> Precedence: bulk List-ID: X-Mailing-List: linux-api@vger.kernel.org On Do, 29.10.20 10:47, Eric W. Biederman (ebiederm@xmission.com) wrote: > Is that the use case you are looking at removing the need for > systemd-homed to avoid chowning after lugging encrypted home directories > from one system to another? Why would it be desirable to avoid the > chown? Yes, I am very interested in seeing Christian's work succeed, for the usecase in systemd-homed. In systemd-homed each user gets their own private file system, and these fs shall be owned by the user's local UID, regardless in which system it is used. The UID should be an artifact of the local, individual system in this model, and thus the UID on of the same user/home on system A might be picked as 1010 and on another as 1543, and on a third as 1323, and it shouldn't matter. This way, home directories become migratable without having to universially sync UID assignments: it doesn't matter anymore what the local UID is. Right now we do a recursive chown() at login time to ensure the home dir is properly owned. This has two disadvantages: 1. It's slow. In particular on large home dirs, it takes a while to go through the whole user's homedir tree and chown/adjust ACLs for everything. 2. Because it is so slow we take a shortcut right now: if the top-level home dir inode itself is owned by the correct user, we skip the recursive chowning. This means in the typical case where a user uses the same system most of the time, and thus the UID is stable we can avoid the slowness. But this comes at a drawback: if the user for some reason ends up with files in their homedir owned by an unrelated user, then we'll never notice or readjust. > If the goal is to solve fragmented administration of uid assignment I > suggest that it might be better to solve the administration problem so > that all of the uids of interest get assigned the same way on all of the > systems of interest. Well, the goal is to make things simple and be able to use the home dir everywhere without any prior preparation, without central UID assignment authority. The goal is to have a scheme that requires no administration, by making the UID management problem go away. Hence, if you suggest solving this by having a central administrative authority: this is exactly what the model wants to get away from. Or to say this differently: just because I personally use three different computers, I certainly don't want to set up LDAP or sync UIDs manually. Lennart -- Lennart Poettering, Berlin