[Buildroot] [PATCH 1/1] treewide: replace nogroup with nobody
Yann E. MORIN
yann.morin.1998 at free.fr
Fri Jul 17 20:20:43 UTC 2020
Norbert, All,
On 2020-07-17 12:20 +0200, Norbert Lange spake thusly:
> Use the recommended groupname for user nobody. One practical
> issue is that systemd-sysusers will otherwise create a
> nobody group with gid 999.
>
> Quote: "If the username exists on a system,then they should
> be in the suggested corresponding group".
>
> https://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/usernames.html
Note the phrasing, which states 'should' and 'suggested', in that they
are not mandatory. And indeed, I'm looking at Ubuntu 19.10 here. which
has a 'nogroup' group, and no 'nobody' group.
It is however to be noted that, initially, only the 'nobody' group did
exist (commit 339f2f492e, 2001-12-22), and subsequently removed soon
afterwards (commit 08782ae7d8, 2002-04-26). to be then reintroduced
again a while later (commit 3ed6fb0af3, 2005-08-07).
And them oh-so-shortly afterwards, the 'nogroup' group makes its grand
appearance (commit 3c31be684d, 2005-08-09), on the excuse to make LTP
happy.
However, nowadays, LTP does check preferentially for 'nobody', and falls
back on 'nogroup', with this comment (in IDcheck.sh):
# nobody is a standard group on all distros, apart from debian based ones;
# let's account for the fact that they use the nogroup group instead.
So, indeed, switching to using 'nobody' makes sense, and would not make
LTP less happy.
As for the numbering, I seemd to recall some specificities of 65534, and
indeed I found commit 9c67af2c52, 2019-08-25, that switched 'nogroup'
from 99 to 65534, so we're clean there too.
And for the records, I was the one to drop the 'nobody' group 7 years
ago now, in commit 908198e756, stating "Anyway, the user 'nobody'
belongs to the group 'nogroup' in any sane distribution." Damn. ;-]
Nits, below...
> Signed-off-by: Norbert Lange <nolange79 at gmail.com>
> ---
> package/boa/boa.conf | 18 +++++++++---------
> package/mosquitto/mosquitto.mk | 2 +-
> package/oracle-mysql/oracle-mysql.mk | 2 +-
> package/systemd/systemd.mk | 1 -
> system/skeleton/etc/group | 2 +-
> 5 files changed, 12 insertions(+), 13 deletions(-)
>
> diff --git a/package/boa/boa.conf b/package/boa/boa.conf
> index e94029665f..03630c0f9a 100644
> --- a/package/boa/boa.conf
> +++ b/package/boa/boa.conf
> @@ -7,7 +7,7 @@
> # generated parser. If it reports an error, the line number will be
> # provided; it should be easy to spot. The syntax of each of these
> # rules is very simple, and they can occur in any order. Where possible
> -# these directives mimic those of NCSA httpd 1.3; I saw no reason to
> +# these directives mimic those of NCSA httpd 1.3; I saw no reason to
Lots of spurious changes (removal of trailing spaces), should not be in
that patch.
Regards,
Yann E. MORIN.
> # introduce gratuitous differences.
>
> # $Id: boa.conf,v 1.1 2004/10/09 02:48:37 andersen Exp $
> @@ -46,7 +46,7 @@ Port 80
> # Group: The group name or GID the server should run as.
>
> User nobody
> -Group nogroup
> +Group nobody
>
> # ServerAdmin: The email address where server problems should be sent.
> # Note: this is not currently used, except as an environment variable
> @@ -68,7 +68,7 @@ ErrorLog /var/log/boa/error_log
>
> # AccessLog: The location of the access log file. If this does not
> # start with /, it is considered relative to the server root.
> -# Comment out or set to /dev/null (less effective) to disable
> +# Comment out or set to /dev/null (less effective) to disable
> # Access logging.
>
> AccessLog /var/log/boa/access_log
> @@ -78,7 +78,7 @@ AccessLog /var/log/boa/access_log
> # process if the receiving end of a pipe stops reading."
> #AccessLog "|/usr/sbin/cronolog --symlink=/var/log/boa/access_log /var/log/boa/access-%Y%m%d.log"
>
> -# UseLocaltime: Logical switch. Uncomment to use localtime
> +# UseLocaltime: Logical switch. Uncomment to use localtime
> # instead of UTC time
> #UseLocaltime
>
> @@ -88,8 +88,8 @@ AccessLog /var/log/boa/access_log
>
> #VerboseCGILogs
>
> -# ServerName: the name of this server that should be sent back to
> -# clients if different than that returned by gethostname + gethostbyname
> +# ServerName: the name of this server that should be sent back to
> +# clients if different than that returned by gethostname + gethostbyname
>
> #ServerName www.your.org.here
>
> @@ -103,7 +103,7 @@ AccessLog /var/log/boa/access_log
> # output rules, it prepends the interface number to each access_log line.
> # You are expected to fix that problem with a postprocessing script.
>
> -#VirtualHost
> +#VirtualHost
>
> # DocumentRoot: The root directory of the HTML documents.
> # Comment out to disable server non user files.
> @@ -131,9 +131,9 @@ DirectoryMaker /usr/lib/boa/boa_indexer
>
> # DirectoryCache: If DirectoryIndex doesn't exist, and DirectoryMaker
> # has been commented out, the the on-the-fly indexing of Boa can be used
> -# to generate indexes of directories. Be warned that the output is
> +# to generate indexes of directories. Be warned that the output is
> # extremely minimal and can cause delays when slow disks are used.
> -# Note: The DirectoryCache must be writable by the same user/group that
> +# Note: The DirectoryCache must be writable by the same user/group that
> # Boa runs as.
>
> # DirectoryCache /var/spool/boa/dircache
> diff --git a/package/mosquitto/mosquitto.mk b/package/mosquitto/mosquitto.mk
> index 2a9b504eb8..cdd515e1a4 100644
> --- a/package/mosquitto/mosquitto.mk
> +++ b/package/mosquitto/mosquitto.mk
> @@ -114,7 +114,7 @@ define MOSQUITTO_INSTALL_INIT_SYSTEMD
> endef
>
> define MOSQUITTO_USERS
> - mosquitto -1 nogroup -1 * - - - Mosquitto user
> + mosquitto -1 nobody -1 * - - - Mosquitto user
> endef
> endif
>
> diff --git a/package/oracle-mysql/oracle-mysql.mk b/package/oracle-mysql/oracle-mysql.mk
> index 1449c58e41..ccfa40cfb1 100644
> --- a/package/oracle-mysql/oracle-mysql.mk
> +++ b/package/oracle-mysql/oracle-mysql.mk
> @@ -102,7 +102,7 @@ ORACLE_MYSQL_CONF_OPTS += --without-debug
> endif
>
> define ORACLE_MYSQL_USERS
> - mysql -1 nogroup -1 * /var/mysql - - MySQL daemon
> + mysql -1 nobody -1 * /var/mysql - - MySQL daemon
> endef
>
> define ORACLE_MYSQL_ADD_FOLDER
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index 88adf1941c..ddcf7d0cc0 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -45,7 +45,6 @@ SYSTEMD_CONF_OPTS += \
> -Dloadkeys-path=/usr/bin/loadkeys \
> -Dsetfont-path=/usr/bin/setfont \
> -Dtelinit-path=/sbin/telinit \
> - -Dnobody-group=nogroup \
> -Didn=true \
> -Dnss-systemd=true \
> -Dportabled=false
> diff --git a/system/skeleton/etc/group b/system/skeleton/etc/group
> index 76346b35f2..6822a277bf 100644
> --- a/system/skeleton/etc/group
> +++ b/system/skeleton/etc/group
> @@ -23,4 +23,4 @@ staff:x:50:
> lock:x:54:
> netdev:x:82:
> users:x:100:
> -nogroup:x:65534:
> +nobody:x:65534:
> --
> 2.27.0
>
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
More information about the buildroot
mailing list