Summary: | Removing acct-group from world does not change /etc/group and /etc/gshadow files | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Lemon Lime <torsi> |
Component: | Eclasses | Assignee: | Michał Górny <mgorny> |
Status: | RESOLVED CANTFIX | ||
Severity: | enhancement | CC: | floppym |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Lemon Lime
2023-05-30 15:00:48 UTC
That's intended behavior. It is not safe to remove the users/groups without first cleaning up any files leftover on the filesystem. Removing the user/group allows the id to be re-used by some new user/group, and they would end up having access to files they shouldn't. What Mike said. The ebuilds can't guarantee it's safe to remove users/groups, so we merely lock the users. Even if we literally traversed the file system for ownership, that: 1) would make removals super slow, 2) would be vulnerable to races, 3) wouldn't guarantee that the user/group doesn't own files on non-mounted fileystem, 4) wouldn't guarantee that the user/group isn't used in some configs. I'm afraid there's nothing we can do about it. Someone could write a tool to perform automated scan & cleanup of "removed" users and groups but that requires time that none of the us probably has at the moment. I see. I couldn't have imagined the security risks and technical challenges it implies. Thank you for the quick response and all your work! It is really appreciated. I'll mark this as resolved Have a good day |