From patchwork Thu Aug 25 21:47:16 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Korsgaard X-Patchwork-Id: 662951 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3sKyT10Q0cz9s4x for ; Fri, 26 Aug 2016 07:47:33 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b=vp+0mAIS; dkim-atps=neutral Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id F3D7E31751; Thu, 25 Aug 2016 21:47:29 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id za9NTmy0U3mQ; Thu, 25 Aug 2016 21:47:28 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id 9216431759; Thu, 25 Aug 2016 21:47:27 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id CFD001C1ECC for ; Thu, 25 Aug 2016 21:47:26 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id CA5DB87D9A for ; Thu, 25 Aug 2016 21:47:26 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J7Cf2LT0DMVc for ; Thu, 25 Aug 2016 21:47:25 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 7CD0086BE2 for ; Thu, 25 Aug 2016 21:47:25 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id i5so9044197wmg.2 for ; Thu, 25 Aug 2016 14:47:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:cc:subject:date:message-id; bh=L6MHbQiuBhlrBN+UXbm6fhL92lIqSuo5Rv+q1A+eOqs=; b=vp+0mAISzppHh626zly9zNf20A/yjp/HVzfGWvC6pnzHO5Uy/TZjtyPGCXh0ZHJaz4 q7DUVUTu0ezz7q2vAySiZPuL1Mqikdrh40tokePDqBX4vvJ4aP8O6rDR3HLVKUZZh4c5 pPugePVtqBmC68aE0roflAkjuwxTquzRJjf5OhjLEXgJsq0YW8We8uBgrhWS9SLk81Yh gD08N3644hOwTFoUL6mdzs+Ln5tEQkAAg0etl9ekPEZNYwCXTlSLpqVxTPeqIzIHecf4 6bNrmRBgMvo3n6+y8xxSjg03lX2CXoOQ9DddSFmwOXEvet6gQkeo8Rdf6AgjA+919PWA 89XQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id; bh=L6MHbQiuBhlrBN+UXbm6fhL92lIqSuo5Rv+q1A+eOqs=; b=Wp69I3q8cY1fptIi2YqgCGL3iByx8CMxPb3S6b0APDtIZ03CebSrppN0WDUjnvNNPe FuLpibG0kF+8crepXHk/UkLPP7bpK19ejjOcTZk8uv6ITy8r+DYp+orf/DNsAXqEYfU4 ClGFqRBrOnqSESr7tQf1hFmACHpLAaXk1KBeTRwPue8xfV4K/HFZshE9705k96VIWcIH /UvvPNegR4EdAViCGiJJmh4T/InazqfK+cQ+4aej4gePaU9PpuT32ZATuA5mub1lv0hh xZsCE3XPhUbkMWWVvWw3umthtfpmObGw9wLONnyhqX8Myu378zVlvEci9fHrnLCr8vTT tWoA== X-Gm-Message-State: AEkooutR+ZaPdisw0IvTcPOQcT1chG1M89nwJ2p33yHZOZbsbn6T0oa4EeCeHOliUHVgNA== X-Received: by 10.194.236.132 with SMTP id uu4mr9176799wjc.176.1472161643809; Thu, 25 Aug 2016 14:47:23 -0700 (PDT) Received: from dell.be.48ers.dk ([2001:6f8:1434:0:6267:20ff:fe4e:21b6]) by smtp.gmail.com with ESMTPSA id hy3sm16999631wjb.8.2016.08.25.14.47.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 Aug 2016 14:47:23 -0700 (PDT) Received: from peko by dell.be.48ers.dk with local (Exim 4.84) (envelope-from ) id 1bd2Uc-0000fA-6k; Thu, 25 Aug 2016 23:47:22 +0200 From: Peter Korsgaard To: buildroot@buildroot.org Date: Thu, 25 Aug 2016 23:47:16 +0200 Message-Id: <1472161636-2504-1-git-send-email-peter@korsgaard.com> X-Mailer: git-send-email 2.8.1 Subject: [Buildroot] [PATCH/next] system/skeleton: use uid/gid 65534 for nobody/nogroup X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" As recently discussed on lwn.net: https://lwn.net/Articles/695478/ The kernel has special behaviour for uid/gid 65534: 1. The kernel maps UIDs > 65535 to it when some subsystem/API/fs only supports 16bit UIDs, but a 32bit UID is passed to it. 2. it's used by the kernel's user namespacing as the internal UID that external UIDs are mapped to that don't have any local mapping. 3. It's used by NFS for all user IDs that cannot be mapped locally if UID mapping is enabled. Most distributions already map (or are in the progress of changing) nobody/nogroup to the 65534 uid/gid, so lets do so as well. Signed-off-by: Peter Korsgaard Acked-by: Arnout Vandecappelle (Essensium/Mind) --- system/skeleton/etc/group | 2 +- system/skeleton/etc/passwd | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/system/skeleton/etc/group b/system/skeleton/etc/group index c813da2..76346b3 100644 --- a/system/skeleton/etc/group +++ b/system/skeleton/etc/group @@ -22,5 +22,5 @@ plugdev:x:46: staff:x:50: lock:x:54: netdev:x:82: -nogroup:x:99: users:x:100: +nogroup:x:65534: diff --git a/system/skeleton/etc/passwd b/system/skeleton/etc/passwd index 883265a..d8281d2 100644 --- a/system/skeleton/etc/passwd +++ b/system/skeleton/etc/passwd @@ -6,4 +6,4 @@ sync:x:4:100:sync:/bin:/bin/sync mail:x:8:8:mail:/var/spool/mail:/bin/false www-data:x:33:33:www-data:/var/www:/bin/false operator:x:37:37:Operator:/var:/bin/false -nobody:x:99:99:nobody:/home:/bin/false +nobody:x:65534:65534:nobody:/home:/bin/false