[PATCH] add user:has-account-with-uid

Sean Whitton spwhitton at spwhitton.name
Mon Sep 13 18:30:31 BST 2021


Hello,

On Mon 13 Sep 2021 at 09:00AM -03, David Bremner wrote:

> Sean Whitton <spwhitton at spwhitton.name> writes:
>
>>> +   (let* ((gid-str (write-to-string gid))
>>> +          (uid-str (write-to-string uid))
>>> +          (uid+gid (format nil "~d:~d" uid gid))
>>> +          (home (passwd-entry 5 username)))
>>> +     (mrun "groupmod" "--gid" gid-str username)
>>> +     (mrun "usermod" "--uid" uid-str username)
>>> +     (mrun "chown" "-R" uid+gid home))))
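
Review bot: `(mrun "groupmod" "--gid" gid-str username)` passes the user name where groupmod expects a group name, so it only does the intended thing when the user's primary group is a group of that same name. If a same-named group exists but is not the primary group, that group is renumbered, the primary group is left alone, and the following `chown -R` hands the home directory to a gid that is not the user's primary group. Suggest taking the primary gid from the same passwd entry that supplies `home`, resolving it to a group name, and either running groupmod on that or refusing when it differs from `username`. Separately, `chown -R` with `uid+gid` re-owns everything under `home`, including files that had a different owner beforehand, which deserves a sentence in the docstring.
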
>>
>> I've realised a potential problem with your approach here, sorry I
>> didn't think of it earlier -- what happens if the caller specifies a gid
>> of a group that doesn't exist?  I guess the chown will still succeed,
>> but is that okay?  Should we also ensure the group exists?
>
> groupmod will fail in that case. Do I need to do something more to abort
> the application?

Ah yes, that's sufficient for an abort.

I think that I mistakenly thought that the groupmod command was moving
USERNAME into the group with the new gid, but actually what the property
does is change the gid of whatever USERNAME's primary group is to the
new gid.  To be honest I think that given the current docstrings it
would be rather surprising that the property modifies the group at all,
rather than just modifying the user and the user's files.

But what you've written is the right thing on a standard Debian system
where each user has their own group -- if you need a user to have a
particular UID, then you want to also update the primary group's gid.
So how about we qualify the property with (os:required 'os:debianlike)?
If someone wanted to implement it for another OS with different gid
handling, it could easily be converted to OS:ETYPECASE at that point.

If you agree, then should gid remain an optional parameter, or should we
always change the gid of the primary group to match the supplied uid?
Can you think of a use case in which you would want to supply a
different gid?

What I am thinking is that if USERNAME's primary group is not the
identically-named group created by useradd, then it's probably a group
which more than one user has as a primary group (e.g. "students"), in
which case you wouldn't want to change its gid as that would affect
other users; indeed it would break their homedirs.

Perhaps there could be a parameter which says "don't touch the group".
Or you could modify the group just when the user is the only user which
has it as a primary group?

Let me know what you think.

>> Also just while we're here, do you mind if I switch $HOME for HOME?  I
>> believe that is the standard way to refer to environment variables
>> outside of shell scripts.
>
> I was trying to distinguish between lisp variables and environment
> variables, since common-lisp writes the lisp variable 'home' as HOME in
> docstrings. Maybe there is a better way to do that? Or maybe I should
> not try to fit everything on the first line of the docstrings.

Hrm good point.  The only thing that occurs to me is writing ~USERNAME
to refer to USERNAME's home directory.

-- 
Sean Whitton
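
The two conditions raised in the message above (the primary group is the identically-named one created by useradd, or the user is the only account with it as primary group) can be checked before any gid is changed. The sketch below is an added example, not part of the patch or of consfigurator; the function names, result labels and sample accounts are assumptions made for illustration. It reads passwd(5)/group(5)-format files only, so accounts served from another NSS source are not seen.

```shell
#!/bin/sh
# Added example, not consfigurator code. Classifies USER's primary group
# from passwd(5)/group(5)-format files before its gid is changed.
# Prints: private | sole | shared | unknown-user
classify_primary_group() {
    user=$1 passwd_file=$2 group_file=$3

    # Field 4 of a passwd entry is the primary gid.
    gid=$(awk -F: -v u="$user" '$1 == u { print $4; exit }' "$passwd_file")
    [ -n "$gid" ] || { echo unknown-user; return 1; }

    # Number of accounts that have this gid as their primary group.
    count=$(awk -F: -v g="$gid" '$4 == g { n++ } END { print n + 0 }' "$passwd_file")

    # Name of the group with that gid (field 1, matched on field 3).
    gname=$(awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$group_file")

    if [ "$count" -gt 1 ]; then
        echo shared      # renumbering would hit other users' files
    elif [ "$gname" = "$user" ]; then
        echo private     # the per-user group created by useradd
    else
        echo sole        # differently named, but no other primary member
    fi
}

# Constructed sample data (hypothetical users), written into directory $1.
write_sample() {
    cat > "$1/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/sh
bob:x:1001:2000::/home/bob:/bin/sh
carol:x:1002:2000::/home/carol:/bin/sh
dave:x:1003:3000::/home/dave:/bin/sh
EOF
    cat > "$1/group" <<'EOF'
alice:x:1000:
students:x:2000:
ops:x:3000:
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
for u in alice bob carol dave; do
    printf '%s: %s\n' "$u" "$(classify_primary_group "$u" "$tmp/passwd" "$tmp/group")"
done
rm -rf "$tmp"
```

Only `private` matches the standard Debian layout the message describes; `shared` is the "students" case where the group should be left untouched.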


