site  contact  subhomenews

Predetermined uid and gid

July 03, 2024 — BarryK

Running each app as its own user brings challenges. There is one problem that has "flown under the radar", until recently; I hit it with Firefox.

What can happen is that you create an app, say Firefox, to run as its own user, which will be "firefox". There are two scripts that handle this creation; /usr/local/clients/setup-client and /usr/local/clients/create-client-environment. The busybox 'addgroup' and 'adduser' utilites are run, and the utilities are allowed to assign user-id and group-id numbers. This is the problem.

These uid and gid numbers are assigned so as not to clash with any numbers already existing in /etc/passwd and /etc/group

The potential situation is that /home/firefox may have been previously created, with all folders and files in it assigned particular uid and gid. However, those entries may not exist in /etc/passwd and /etc/group. It is then possible that addgroup and adduser utilities will run again, to create entries in those files, but the uid and gid will most likely be different from what is assigned to the folders and files in /home/firefox

The scripts do check this, and will correct all folders and files in /home/firefox, but that is an extra step and I would rather it didn't require that fix.

I hit this problem with Firefox because I do a lot of messing around; the abovementioned fix didn't happen due to the messing around. It is probably not an issue that most users will encounter. But the fact that is can potentially happen is cause for concern. So I have come up with a solution; predetermined uid and gid.

What those scripts now do is determine uid and gid in advance, using this formula:

# A=chrome
# echo 2$((64#$A)) | head -c 5 | xargs -I XXX printf %-5s XXX | tr ' ' 0
21317
# A=ungoogled
# echo 2$((64#$A)) | head -c 5 | xargs -I XXX printf %-5s XXX | tr ' ' 0
28546
# A=claws
# echo 2$((64#$A)) | head -c 5 | xargs -I XXX printf %-5s XXX | tr ' ' 0
22068
# A=firefox
# echo 2$((64#$A)) | head -c 5 | xargs -I XXX printf %-5s XXX | tr ' ' 0
21050
# A=chromium
# echo 2$((64#$A)) | head -c 5 | xargs -I XXX printf %-5s XXX | tr ' ' 0
25397

In the scripts, it is assigned as variable $UGID:

busybox addgroup -g ${UGID} ${APPname}
busybox adduser -u ${UGID} -h /home/${APPname} -G ${APPname} -D -H ${APPname}

Theoretically of course, there could be a clash, two different names generating the same number, but very unlikely.   

Tags: easy