[PATCH] 2nd attempt at deluser/delgroup size reduction and improvements
Denys Vlasenko
vda.linux at googlemail.com
Sun Nov 7 12:52:58 UTC 2010
On Sun, Nov 7, 2010 at 10:25 AM, Tito <farmatito at tiscali.it> wrote:
>> I am saying that "delgroup foo" (delgroup, not deluser)
>> should not check whether *user named foo* exists;
>> but should check that deleting group foo doesn't
>> leave users with "deleted" GIDs.
>
>> Example:
>>
>> /etc/passwd
>> haldaemon:x:68:490:HAL daemon:/:/sbin/nologin
>> foo:x:496:1234::/:/sbin/nologin
>>
>> /etc/group
>> foo:490:
>>
>> What "standard" delgroup foo will do? I suspect it will
>> complain that haldaemon user's primary GID is 490
>> and therefore group foo can't be deleted.
>
> adduser prova
> Adding user `prova' ...
> Adding new group `prova' (1006) ...
> Adding new user `prova' (1004) with group `prova' ...
> adduser prova2 --ingroup prova
> Adding user `prova2' ...
> Adding new user `prova2' (1005) with group `prova' ...
And what grep prova /etc/passwd /etc/group shows
after these?
> Test case 1: Removing user prova:
>
> deluser prova
Awww, my brainzzzz... Why do you delete *a user*?
We are trying to determine what is the correct behavior
of *delgroup*, right?
> Removing user `prova' ...
> Warning: group `prova' has no more members.
Seems like an erroneous message. Group prova
should still have at least prova2 user.
Looks like code only checks /etc/group line
whether it contains additional usernames:
prova:x:1006:<any names here?>
but not /etc/passwd for users with GID=1006.
I'd say this is a bug.
> userdel: Cannot remove group prova which is a primary group for another user.
Right, this means that prova2 line looks like this:
prova2:x:1005:1006:...........
> Done.
> grep prova /etc/group
> prova:x:1006:
>
> Test case 2: Removing user prova2:
>
> deluser prova2
> Removing user `prova2' ...
> Warning: group `prova' has no more members.
> Done.
Attention. See _which_ group it deleted here?
It did not try to delete a group with the same name as user,
it looked at GID (2006), found which group it is (prova),
and then deleted it.
I was right in the second bug comment, we don't do
this correctly too.
> grep prova /etc/group
> prova:x:1006:
So you are saying group still exists?
> Test case 3: Removing group prova:
>
> delgroup prova
> /usr/sbin/delgroup: `prova' still has `prova' as their primary group!
Wait a sec. User prova should already be deleted, no?
I'm confused...
> Test case 4: Removing group prova after removal of user prova:
>
> deluser prova
> Removing user `prova' ...
> Warning: group `prova' has no more members.
> userdel: Cannot remove group prova which is a primary group for another user.
> Done.
> delgroup prova
> /usr/sbin/delgroup: `prova2' still has `prova' as their primary group!
Yes, now we see that they don't have our BUG #1.
They correctly check passwd.
>> If you remove haldaemon line from /etc/passwd,
>> delgroup foo will succeed despite the fact that _user_ foo exists.
>> Because in this example, _user_ foo and _group_ foo
>> are completely unrelated.
>>
>> Our version gets this wrong, I think.
>
> In some cases of course it does. To fix this
> will be rather expensive in size:
>
> if (doing_deluser) {
> get gid
> delete_user
> walk through passwd file
No, why would you want the passwd file?
it seems they just try "delgroup <group_with_gid_of_deleted_user>"
> if users with same gid
> complain and do nothing to group file
This will be done as part of "delgroup <group_with_gid_of_deleted_user>"
operation.
> else
> if username == groupname // is UserPrivateGroup
> delete_group
Where is the evidence it works like that, *by name*?
> if (doing_delgroup) {
> get_gid
> // NO - check if group is empty
> walk through passwd file
> if users with same gid
> complain and do nothing to group file
> }
This is correct.
> case argc2
> if (deluser) {
> setup deluser
> gid = get_gid
> } else {
> do_delgroup:
> /* delgroup */
> setup delgroup
> if (no_gid)
> gid = get_gid
> // NO - check if group is empty
> walk through passwd file
> if users with same gid > 0
> complain and do nothing to group file
> else if (doing_delgroup after deluser /* needs a flag ? */) {
> if username != groupname // not UserPrivateGroup
> do_nothing to group file
> }
> }
>
> do_deletions_loop
>
> if (deluser ) {
> set_a_flag
> goto do_delgroup
> }
Not entirely correct, see comments above.
--
vda
More information about the busybox
mailing list