SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Not conflating overflowuid with "nobody" makes sense given the use of "nobody" to drop privilege: nothing should ever be owned by "nobody" while the purpose of overflowuid is expressly to own filesystem resources whose uids can't be represented in the filesystem.
I'd also be interested to see the reasoning for going back to sharing one uid value for both. It seems retrograde to me.
What is nobody used for, anyway? The finger daemon used to run as nobody but it is history. nfs used it to map client root to server nobody. What else?
Programs seem to have their own nobodies now: vsftpd has ftpsecure, dovecot has dovenull, sshd has sshd.
Last edited by Petri Kaukasoina; 03-13-2024 at 06:20 AM.
Yes, the modern convention is to give each daemon its own unprivileged account to run under rather than sharing "nobody" as was done in the past. I've no idea what if anything is still using nobody today.
Yes, the modern convention is to give each daemon its own unprivileged account to run under rather than sharing "nobody" as was done in the past. I've no idea what if anything is still using nobody today.
The NetworkManager-openvpn package currently has a patch (source/xap/NetworkManager-openvpn/openvpn.nobody.nogroup.diff.gz) to use it instead of the default separate user:
Code:
--- ./shared/nm-service-defines.h.orig 2020-03-06 06:38:55.000000000 -0600
+++ ./shared/nm-service-defines.h 2020-05-03 20:12:26.997028745 -0500
@@ -126,8 +126,8 @@
#define NM_OPENVPN_VERIFY_X509_NAME_TYPE_SUBJECT "subject"
/* User name and group to run nm-openvpn-service under */
-#define NM_OPENVPN_USER "nm-openvpn"
-#define NM_OPENVPN_GROUP "nm-openvpn"
+#define NM_OPENVPN_USER "nobody"
+#define NM_OPENVPN_GROUP "nogroup"
#define NM_OPENVPN_CHROOT LOCALSTATEDIR "/lib/openvpn/chroot"
#endif /* __NM_SERVICE_DEFINES_H__ */
I think it would be a good idea to drop the patch and create the nm-openvpn user/group. And while we're at it: both Gentoo and Arch have AFAICS an additional user "openvpn" for OpenVPN as a "normal" (non-NetworkManager) daemon. It would be great to get them both officially added.
Well, as a result of the bug report I filed,
--disable-pthreads will also disable vulkan thereby not requiring _both_ --disable-pthreads _and_ --disable-vulkan
ffmpeg still requires threads.
Therefore with --disable-pthreads, only ffplay & ffprobe get built but _not_ ffmpeg
(many, many items for ffmpeg have been changed to require pthreads)
Wed Mar 13 19:46:48 UTC 2024
a/etc-15.1-x86_64-9.txz: Rebuilt.
Added proftpd user (97) and proftpd group (97).
Added nm-openvpn user (320) and nm-openvpn group (320).
Added openvpn user (443) and openvpn group (443).
Added overflowuid user (65534) and overflowgid group (65534).
Maybe some sort of check/warning would be good to find out if uids/gids are already used in the system for something else?
Few of these new ones being assigned, I've been using them for other things for many years.
Wed Mar 13 19:46:48 UTC 2024
a/etc-15.1-x86_64-9.txz: Rebuilt.
Added proftpd user (97) and proftpd group (97).
Added nm-openvpn user (320) and nm-openvpn group (320).
Added openvpn user (443) and openvpn group (443).
Added overflowuid user (65534) and overflowgid group (65534).
Maybe some sort of check/warning would be good to find out if uids/gids are already used in the system for something else?
Few of these new ones being assigned, I've been using them for other things for many years.
If that ends up being the case I'm not sure what we could do about it, since I'm going to be doing a static assignment here. I do check the SBo list and use the established UID/GID from that where possible. OpenVPN I used the TCP port number.
Anyway, I'll probably never assign anything from 500-999, so that's all open for local system usage.
Wed Mar 13 19:46:48 UTC 2024
a/etc-15.1-x86_64-9.txz: Rebuilt.
Added proftpd user (97) and proftpd group (97).
Added nm-openvpn user (320) and nm-openvpn group (320).
Added openvpn user (443) and openvpn group (443).
Added overflowuid user (65534) and overflowgid group (65534).
Maybe some sort of check/warning would be good to find out if uids/gids are already used in the system for something else?
Few of these new ones being assigned, I've been using them for other things for many years.
I use https://slackbuilds.org/uid_gid.txt as my guide. Only one in this listing is 320, the rest are not used. Probably time to update this list.
The "major mess" mm (that's actually "maintainer-mode" for those whom don't know) problem and solution.
For some time the *mm components have been getting stale-- this isn't a problem as most of them are current libraries used by the system. But eventually more apps will require the newer ABI versions and Slackware can't accomodate them. As noted then, there was breakage when updating them, which is why I suggest not updating them, but extending them.
I propose adding a few new mm packages into the mix, namely "cairomm1" with the newer 1.16 ABI. A "glibmm2" with the 2.68 ABI. A "gtkmm4" for the GTK4 ABI, and last but not least a "pangomm2" with the 2.48 ABI. (package names are negotiable
I was specifically looking into the glibmm package as I wanted to build something dependent on a newer release, yet noticed things broke if I upgraded it in place, so naturally, making a new package seemed the most logical next step. In this process, I noticed each one of this puzzle was needed for another piece to fit together. Now with all 4, I can build newer applications while not breaking the old ones already included based upon glibmm libraries (cdrdao, pavucontrol, and gparted came up in my search). I assume this will also help along other newer software to become buildable as well.
All of these are needed for newer GNOME software, and I presume other things out and about on the net as well. My hastily edited scripts are here along with the slackbuilds I was checking for breakage along the way. Everything builds cleanly just like it had without these new packages being added as well. I know the GFS project uses something like these to build software as well, so it'd benefit the community to have them directly included in Slackware, where they belong.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
