[dev] [ubase] Implementing users and groups management
ilmich
2018-11-26 12:53:05 UTC
Hi,

for my needs I'm developing some lightweight tools for users and
groups management (like useradd, userdel, groupadd and so on) and I'm
trying to adhere to the POSIX standard and your guidelines.
If I wanted to release patches, ubase could be the right place!?

Cheers
Michele
ilmich
2018-11-26 16:19:50 UTC
> Dear Michele,

Hi Laslo, thanks for your reply

> In this case though, one would have to think which underlying
> database to use. The shadow password format is most prominent
> nowadays, with all its drawbacks. You can read more about it here[0]
> (including manpages for the utils implemented in this format).
> I remember we discussed a relatively new concept that is better thought
> out, and we even discussed it on IRC a few years back regarding ubase,
> but I am not sure if it was OpenBSD's approach (see passwd(5)[1]). It
> would be interesting to implement it for Linux in some way, maybe even
> including conversion tools or something.

for now I've only implemented shadow format for compatibility with
other tools of ubase (login and passwd).

However, looking at the OpenBSD approach I noticed that the public
databases exported by pwd_mkdb are Berkeley DB.
The idea you discussed was in this kind of format!?

I'm also studying OpenWall tcb[0]

Cheers
Michele

[0]:https://www.openwall.com/tcb/
Daniel Cegiełka
2018-11-26 16:43:19 UTC
sorry for html...
Post by ilmich
> > Dear Michele,
> > I remember we discussed a relatively new concept that is better thought
> > out, and we even discussed it on IRC a few years back regarding ubase,
> > but I am not sure if it was OpenBSD's approach (see passwd(5)[1]). It
> > would be interesting to implement it for Linux in some way, maybe even
> > including conversion tools or something.
> for now I've only implemented shadow format for compatibility with
> other tools of ubase (login and passwd).
> However, looking at the OpenBSD approach I noticed that the public
> databases exported by pwd_mkdb are Berkeley DB.
> The idea you discussed was in this kind of format!?

1) Note that struct passwd is not compatible with linux libc ABI (pw_class).
2) pwd_mkdb: This is used to avoid multiple opening of passwd files. If you
have thousands of users on the 25-year old server, it is ok. But today, this
approach does not really make sense.
3) Berkeley DB: They use the old db (version 1.85) and have it built into the
libc [1]. For linux users, this would require a separate db installation and this
is a bad way.

[1] https://cvsweb.openbsd.org/src/lib/libc/db/
Best regards,
Daniel
ilmich
2018-11-26 18:22:46 UTC
Hi Daniel,
> 1) Note that struct passwd is not compatible with linux libc ABI (pw_class).

you are right, but I've noticed that ubase's login and passwd
implementation make use of them.
However my conclusion is that ubase currently supports two databases
for login with password (shadow and openwall tcb).
Therefore the best way is not to impose the choice on which it is best to use.
So I think I will create a new project for my lightweight shadow
tools, that I will soon share with you on the wiki.

Thanks to everyone
Michele
Daniel Cegiełka
2018-11-26 18:37:33 UTC
Post by ilmich
> Hi Daniel,
> > 1) Note that struct passwd is not compatible with linux libc ABI (pw_class).
> you are right, but I've noticed that ubase's login and passwd
> implementation make use of them.
> However my conclusion is that ubase currently supports two databases
> for login with password (shadow and openwall tcb).
> Therefore the best way is not to impose the choice on which it is best to use.
> So I think I will create a new project for my lightweight shadow
> tools, that I will soon share with you on the wiki.

I think there is a misunderstanding. I don't mean tcb, but the
difference between *BSD and linux struct passwd. *BSD struct passwd
contains pw_class, therefore, ABI is not compatible with struct passwd
on linux.

tcb contains one shadow record for each user, but the structure itself
is the same as in /etc/shadow.

Post by ilmich
> Thanks to everyone
> Michele
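
The last reply notes that a tcb per-user file holds one record with the same structure as /etc/shadow, so one strict parser can serve both back ends. The following is an added example, not code from the thread, ubase or tcb; `struct shadow_rec` and `parse_shadow` are hypothetical names and the sample line is constructed. It rejects records with the wrong field count, an empty login name, or non-numeric aging fields instead of guessing:

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type for this example (not ubase's or tcb's own). */
struct shadow_rec {
	char *name, *hash;
	long num[7]; /* lastchg, min, max, warn, inact, expire, flag; -1 = empty */
};

/* Parse one record in place: 0 on success, -1 on a malformed line. */
int parse_shadow(char *line, struct shadow_rec *r)
{
	char *f[9];
	int i, n = 0;
	line[strcspn(line, "\n")] = '\0';
	for (f[n++] = line; *line; line++) {
		if (*line != ':')
			continue;
		if (n == 9)
			return -1; /* more than nine fields */
		*line = '\0';
		f[n++] = line + 1;
	}
	if (n != 9 || f[0][0] == '\0')
		return -1; /* too few fields or empty login name */
	r->name = f[0];
	r->hash = f[1];
	for (i = 0; i < 7; i++) {
		const char *s = f[i + 2];
		if (s[strspn(s, "0123456789")] != '\0')
			return -1; /* digits only: no sign, no whitespace */
		errno = 0;
		r->num[i] = *s ? strtol(s, NULL, 10) : -1;
		if (errno == ERANGE)
			return -1;
	}
	return 0;
}

int main(void)
{
	char line[] = "alice:$6$constructed$hash:17861:0:99999:7:::\n"; /* constructed */
	struct shadow_rec r;
	if (parse_shadow(line, &r) == 0)
		printf("%s lastchg=%ld max=%ld expire=%ld\n", r.name, r.num[0], r.num[2], r.num[5]);
	return 0;
}
```

The parser modifies the buffer it is given, so the `name` and `hash` pointers stay valid only as long as that buffer does.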