[Adduser-devel] Bug#248500: adduser: do not re-use uids used once

Aaron Hall ahall at vitaphone.net
Wed Jan 11 05:37:28 UTC 2006


Hello, on a local system I wanted to fix the problem talked about in
this bug, and for us, the "naive" approach of selecting a UID one higher
than the highest currently in the range was good enough. I locally
modified adduser on my system to do that, and I created a patch against
3.80 in case it would be at all useful.

The patch uses a "NO_REUSE_IDS" option, which activates the new behavior
if set to "yes". It implements the change in the "first_avail_id()"
routine.

I am curious about the state-file approach, though; if that is
introduced with a new version of adduser, what do you do about "holes"
in the passwd file that existed prior to installation of that new
version? Maybe do something similar to the naive approach once, to
pre-fill the state file?

Cheers,
Aaron

-- 
Aaron Hall           :      Badly configured DNS will, not may, but WILL
ahall at vitaphone.net  :      reach out and touch many, many other people
                      :      in a way they didn't want to be touched.
                      :                                 -- John C. Welch
-------------- next part --------------
diff -c -r adduser-3.80/AdduserCommon.pm adduser-3.80-1+doctorwu1/AdduserCommon.pm
*** adduser-3.80/AdduserCommon.pm	Fri Nov 18 11:25:36 2005
--- adduser-3.80-1+doctorwu1/AdduserCommon.pm	Tue Jan 10 23:30:55 2006
***************
*** 186,191 ****
--- 186,192 ----
    $configref->{"last_system_gid"} = 999;
    $configref->{"first_gid"} = 1000;
    $configref->{"last_gid"} = 29999;
+   $configref->{"no_reuse_ids"} = "no";
    $configref->{"dhome"} = "/home";
    $configref->{"skel"} = "/etc/skel";
    $configref->{"usergroups"} = "yes";
diff -c -r adduser-3.80/adduser adduser-3.80-1+doctorwu1/adduser
*** adduser-3.80/adduser	Fri Nov 18 11:15:59 2005
--- adduser-3.80-1+doctorwu1/adduser	Tue Jan 10 23:30:55 2006
***************
*** 746,759 ****
      my ($min, $max, @ids) = @_;
      @ids = sort {$a <=> $b} @ids;
      printf (gtx("Selecting from %s %s (%s).\n"),$min,$max,join(",", at ids)) if ($verbose > 1);
-     
-     while ($min <= $max) {
- 	return $min if ($min <  $ids[0] || @ids==0);
- 	shift @ids  if ($min >  $ids[0]);
- 	$min++      if ($min == $ids[0]);
-     }
  
!     return -1;			# nothing available
  }
  
  
--- 746,775 ----
      my ($min, $max, @ids) = @_;
      @ids = sort {$a <=> $b} @ids;
      printf (gtx("Selecting from %s %s (%s).\n"),$min,$max,join(",", at ids)) if ($verbose > 1);
  
! 	if ($config{no_reuse_ids} =~ /yes/) {
! 		# "no_reuse_ids" is something of a lie, since it's possible
! 		# to reuse the previously-highest ID if it was deleted (i.e.,
! 		# if uid 1701 was highest, and it gets deleted, leaving 1700
! 		# as the highest, 1701 will be reused the next time, even with
! 		# no_reuse_ids.
! 		pop(@ids) until $ids[$#ids] <= $max;
! 		my $target_id = $ids[$#ids];
! 		$target_id++;
! 		return $target_id unless $target_id > $max;
! 
! 		# if $target_id is too large, pretend we found nothing
! 		return -1;
! 	}
! 	else {
! 		while ($min <= $max) {
! 		return $min if ($min <  $ids[0] || @ids==0);
! 		shift @ids  if ($min >  $ids[0]);
! 		$min++      if ($min == $ids[0]);
! 		}
! 
! 		return -1;			# nothing available
! 	}
  }
  
  
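Review bot: the new `no_reuse_ids` branch never checks its result against `$min`. After `pop(@ids) until $ids[$#ids] <= $max;` the list can be empty, either because no IDs were passed in or because all of them were above `$max`. In that case `$ids[$#ids]` is undef, `$target_id++` yields 1, and 1 is returned for any range whose `$max` is at least 1. The old loop's `shift @ids if ($min > $ids[0])` shows that IDs below `$min` can also appear in the list, and if the highest remaining entry is below `$min` the branch returns that entry plus one. With the defaults shown (FIRST_UID=1000) either case gives a new account an ID outside the configured range. Suggest starting from `$min - 1` when the list is empty or its highest remaining entry is below `$min`, and returning -1 unless the result lies between `$min` and `$max`. Separately, `=~ /yes/` is unanchored, so any value that merely contains "yes" enables the option; an exact string comparison would be stricter. The body of the `while` loop in the `else` branch has also lost one level of indentation.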
diff -c -r adduser-3.80/adduser.conf adduser-3.80-1+doctorwu1/adduser.conf
*** adduser-3.80/adduser.conf	Fri Nov 18 11:21:05 2005
--- adduser-3.80-1+doctorwu1/adduser.conf	Tue Jan 10 23:35:16 2006
***************
*** 33,38 ****
--- 33,44 ----
  FIRST_UID=1000
  LAST_UID=29999
  
+ # NO_REUSE_IDS can be either "yes" or "no". If "yes", adduser will
+ # attempt not to reuse a UID that once existed but has since been
+ # deleted. If there was once a UID higher than any presently-existing
+ # UID, that UID might still be reused.
+ NO_REUSE_IDS=no
+ 
  # The USERGROUPS variable can be either "yes" or "no".  If "yes" each
  # created user will be given their own group to use as a default.  If
  # "no", each created user will be placed in the group whose gid is
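Review bot: the NO_REUSE_IDS comment speaks only of UIDs, but the change is made in `first_avail_id()`, which takes a generic `($min, $max, @ids)`, and the configuration defaults include `first_gid`/`last_gid`. If that routine is also used to pick group IDs, the option changes GID allocation too, and the comment (and perhaps the option's description) should say so. The last sentence would also be clearer if it named the concrete case from the code comment: deleting the account with the highest ID makes that ID available again.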
diff -c -r adduser-3.80/doc/adduser.conf.5 adduser-3.80-1+doctorwu1/doc/adduser.conf.5
*** adduser-3.80/doc/adduser.conf.5	Tue Aug 16 08:25:59 2005
--- adduser-3.80-1+doctorwu1/doc/adduser.conf.5	Tue Jan 10 23:30:55 2006
***************
*** 70,75 ****
--- 70,84 ----
  be dynamically allocated. Default to
  .IR 1000 " - " 29999 .
  .TP
+ \fBNO_REUSE_IDS\fP
+ If this is set to
+ .IR yes ,
+ adduser will attempt not to reuse a UID that has been used and
+ then removed. If there was once a UID higher than any 
+ presently\-existing UID, then that UID might possibly still be reused. 
+ Defaults to
+ .IR no .
+ .TP
  \fBUSERGROUPS\fP
  If this is set to
  .IR yes ,
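Review bot: the NO_REUSE_IDS entry does not document the new failure mode. With the option set, the patched `first_avail_id()` returns -1 as soon as the highest existing ID equals the upper bound, even when lower IDs in the range are free, so account creation can fail on a range that is mostly empty. That deserves a sentence here so administrators know to expect it. Two smaller points in the added lines: "might possibly" is redundant, and the lines ending in "higher than any " and "still be reused. " appear to carry trailing whitespace.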

