Predetermined uid and gid
Running each app as its own user brings challenges. There is one problem that has "flown under the radar", until recently; I hit it with Firefox.
What can happen is that you create an app, say Firefox, to run as its own user, which will be "firefox". There are two scripts that handle this creation: /usr/local/clients/setup-client and /usr/local/clients/create-client-environment. The busybox 'addgroup' and 'adduser' utilities are run, and the utilities are allowed to assign user-id and group-id numbers. This is the problem.
These uid and gid numbers are assigned so as not to clash with any numbers already existing in /etc/passwd and /etc/group.
The potential situation is that /home/firefox may have been previously created, with all folders and files in it assigned a particular uid and gid. However, those entries may not exist in /etc/passwd and /etc/group. It is then possible that the addgroup and adduser utilities will run again, to create entries in those files, but the uid and gid will most likely be different from what is assigned to the folders and files in /home/firefox.
The scripts do check this, and will correct all folders and files in /home/firefox, but that is an extra step and I would rather it didn't require that fix.
I hit this problem with Firefox because I do a lot of messing around; the abovementioned fix didn't happen due to the messing around. It is probably not an issue that most users will encounter. But the fact that it can potentially happen is cause for concern. So I have come up with a solution: predetermined uid and gid.
What those scripts now do is determine uid and gid in advance, using this formula:
# A=chrome
# echo 2$((64#$A)) | head -c 5 | xargs -I XXX printf %-5s XXX | tr ' ' 0
21317
# A=ungoogled
# echo 2$((64#$A)) | head -c 5 | xargs -I XXX printf %-5s XXX | tr ' ' 0
28546
# A=claws
# echo 2$((64#$A)) | head -c 5 | xargs -I XXX printf %-5s XXX | tr ' ' 0
22068
# A=firefox
# echo 2$((64#$A)) | head -c 5 | xargs -I XXX printf %-5s XXX | tr ' ' 0
21050
# A=chromium
# echo 2$((64#$A)) | head -c 5 | xargs -I XXX printf %-5s XXX | tr ' ' 0
25397
In the scripts, it is assigned as variable $UGID:
busybox addgroup -g ${UGID} ${APPname}
busybox adduser -u ${UGID} -h /home/${APPname} -G ${APPname} -D -H ${APPname}
Theoretically of course, there could be a clash, two different names generating the same number, but very unlikely.
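An added example, not taken from the EasyOS scripts: a portable-shell rewrite of the formula above, plus a check of the resulting id against passwd- and group-format files before addgroup and adduser would run. Because only the first four decimal digits of the number are kept, same-length names that share their leading characters map to the same id; the constructed name firebug gives 21050, the same as firefox. The function names, the sample files and the 10-character limit are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the EasyOS scripts. Sample entries are constructed.
LC_ALL=C; export LC_ALL
DIGITS='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ@_'

# ugid_for NAME: print the id the page's formula gives for NAME (portable
# rewrite of: echo 2$((64#NAME)) | head -c 5, right-padded with zeros).
ugid_for() {
    name=$1
    case $name in
        ''|*[!0-9a-zA-Z@_]*) return 2 ;;  # not a valid base-64 numeral
    esac
    [ "${#name}" -le 10 ] || return 2     # 11+ digits can exceed 63 bits
    val=0; rest=$name
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}             # first remaining character
        rest=${rest#?}
        pre=${DIGITS%%"$c"*}              # digit value = length of this prefix
        val=$((val * 64 + ${#pre}))
    done
    printf '%.5s\n' "2${val}0000"
}

# owner_of ID FILE: name holding numeric ID (field 3) in a passwd/group file.
owner_of() {
    awk -F: -v id="$1" '$3 == id { print $1; exit }' "$2"
}

# check_ugid NAME PASSWD GROUP: print the id and return 0 if it is free or
# already NAME's own; return 1 if a different name holds it in either file.
check_ugid() {
    id=$(ugid_for "$1") || return 2
    for f in "$2" "$3"; do
        o=$(owner_of "$id" "$f")
        if [ -n "$o" ] && [ "$o" != "$1" ]; then
            echo "clash: $id already belongs to $o in $f" >&2
            return 1
        fi
    done
    echo "$id"
}

# Constructed sample files: firefox was created earlier with the formula's id.
SAMPLE=$(mktemp -d); trap 'rm -rf "$SAMPLE"' EXIT
printf 'root:x:0:0::/root:/bin/sh\nfirefox:x:21050:21050::/home/firefox:/bin/sh\n' > "$SAMPLE/passwd"
printf 'root:x:0:\nfirefox:x:21050:\n' > "$SAMPLE/group"

check_ugid firefox "$SAMPLE/passwd" "$SAMPLE/group"          # own entry: accepted
check_ugid claws   "$SAMPLE/passwd" "$SAMPLE/group"          # free id: accepted
check_ugid firebug "$SAMPLE/passwd" "$SAMPLE/group" || true  # clash reported
```

Names containing characters such as `-` are rejected by `ugid_for` rather than passed to the arithmetic, so a caller has to handle return status 2 as well as a clash.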