useradd: Do not reset non-existent data in {last,fail}log #558
Conversation
|
Let me see if I understand the problem correctly. useradd resets the data for a user in {last,fail}log if the file exists and the data for this user is found. This is a problem in chroot environments because a user called |
|
Close, but the data for the user is not found as is doesn't exist: The situation is that the files exist (and have owner and permissions set) but are empty. That is no problem for the (I mentioned |
|
The size of Tecnativa/doodba#251 (comment) Or 272 GB here: kartoza/docker-geoserver#410 (uid is 1001470000) Or 32 GB here: moby/moby#5419 (uid is 99900000) The problem is so prevalent that using This pull request would avoid this problem because all these issues referenced above do not have a "previously deleted user" so there is nothing to reset. |
Good explanation. Thanks for it. However before merging the code I'd like to check how stat() and lseek() report the data for different type of files. |
There was a problem hiding this comment.
I've had the opportunity to check the return values for stat() and lseek() depending on the type of file (empty, 1KB of info and sparse data at 1KB). I think that these changes are very neat and will solve the problem.
Still, there are two minor issues that I'd like to tackle before merging the code.
useradd does not create the files if they don't exist, but if they exist it will reset user data even if the data did not exist before creating a hole and an explicitly zero'd data point resulting (especially for high UIDs) in a lot of zeros ending up in containers and tarballs.
DonKult
force-pushed
the
useradd-no-reset-unset
branch
from
fd2a33c
to
3c0eafb
Compare
|
force-push summary: Swapped empty and variable declaration line(s) as requested and as a bonus reworded commit message slightly. |
useradd does not create the files if they don't exist, but if they exist
it will try to reset data even if the data did not exist before
resulting in a lot of zeros ending up in tarballs.
An example is basically every chroot containing a Debian (or derivative) system which is packed into a tarball later on e.g. for build servers. The chroot will have an
_aptsystem user created in the bootstrap which fills the {last,fail}log files with zeros as they tend to be already created with the right permissions.Of course, the files aren't large and zeros compress rather well (if you compress your tarballs), but what doesn't exist takes up even less space.
Rational for "ignoring"
LOG_INIT: The documentation for--no-log-initsays that it "do[es] not add the user to the lastlog and faillog databases", but it also says that its propose is a "reset to avoid reusing the entry from a previously deleted user". If the focus were on "add the user" the files should be created if they don't exist, but from the code as well as the later sentence in the docs I get the impression that the focus is on not (re)using incorrect entries and that is achieved just fine by the implicit zeros without making them explicit. So the init is still happening, it just doesn't write to disk for it if it doesn't need to.