public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos: resolve uid/gid conflicts

Browse Source 
This patch resolves all uid/gid conflicts except for nobody/nogroup (seems
to make sense that these are the same).
All conflicts where determined mechanically, but resolutions were manual.
This patch also marks uids/gids with no corresponding group/user as "unused"
(aka. reserved).

Briefly,

- tss group conflicts with dhcpcd
  The tss group id conflicts with dhcpcd: assign
  a new number and add a corresponding tss user.
- elasticsearch uid conflicts with haproxy gid
- resolve firebird/munin conflict
- fix fourstorehttp{,d} typo
- fix ghostOne typo: the service module refers to gids.ghostone, so use that
  in ids
- memcached uid conflicts with users gid
- nagios uid conflicts with disks gid
- nscd uid conflicts with wheel gid
- ntp uid conflicts with tty gid
- resolve postfix/postdrop id uid
- redis uid conflicts with keys gid
- sshd uid conflicts with kmem gid
- tcryptd uid conflicts with openldap gid
- unifi uid conflicts with docker gid
- uptimed uid conflicts with utmp gid
- zope2 uid conflicts with connman gid
- tomcat uid/gid mismatch
This commit is contained in:
Joachim Fasting 2015-03-08 21:35:04 +01:00
parent 06ee4c62d3
commit e9cd877921
1 changed files with 94 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
nixos/modules/misc/ids.nix
View File

@ -27,28 +27,38 @@
ids.uids = { ids.uids = {
root = 0; root = 0;
nscd = 1; #wheel = 1; # unused
sshd = 2; #kmem = 2; # unused
ntp = 3; #tty = 3; # unused
messagebus = 4; # D-Bus messagebus = 4; # D-Bus
haldaemon = 5; haldaemon = 5;
nagios = 6; #disk = 6; # unused
vsftpd = 7; vsftpd = 7;
ftp = 8; ftp = 8;
bitlbee = 9; bitlbee = 9;
avahi = 10; avahi = 10;
nagios = 11;
atd = 12; atd = 12;
zabbix = 13; postfix = 13;
postfix = 14; #postdrop = 14; # unused
dovecot = 15; dovecot = 15;
tomcat = 16; tomcat = 16;
#audio = 17; # unused
#floppy = 18; # unused
#uucp = 19; # unused
#lp = 20; # unused
pulseaudio = 22; # must match `pulseaudio' GID pulseaudio = 22; # must match `pulseaudio' GID
gpsd = 23; gpsd = 23;
#cdrom = 24; # unused
#tape = 25; # unused
#video = 26; # unused
#dialout = 27; # unused
polkituser = 28; polkituser = 28;
uptimed = 29; #utmp = 29; # unused
ddclient = 30; ddclient = 30;
davfs2 = 31; davfs2 = 31;
privoxy = 32; privoxy = 32;
#disnix = 33; # unused
osgi = 34; osgi = 34;
tor = 35; tor = 35;
cups = 36; cups = 36;
@ -70,18 +80,25 @@
fprot = 52; fprot = 52;
bind = 53; bind = 53;
wwwrun = 54; wwwrun = 54;
#adm = 55; # unused
spamd = 56; spamd = 56;
#networkmanager = 57; # unused
nslcd = 58; nslcd = 58;
#scanner = 59; # unused
nginx = 60; nginx = 60;
chrony = 61; chrony = 61;
#systemd-journal = 62; # unused
smtpd = 63; smtpd = 63;
smtpq = 64; smtpq = 64;
supybot = 65; supybot = 65;
iodined = 66; iodined = 66;
#libvirtd = 67; # unused
graphite = 68; graphite = 68;
statsd = 69; statsd = 69;
transmission = 70; transmission = 70;
postgres = 71; postgres = 71;
#vboxusers = 72; # unused
#vboxsf = 73; # unused
smbguest = 74; # unused smbguest = 74; # unused
varnish = 75; varnish = 75;
datadog = 76; datadog = 76;
@ -102,13 +119,13 @@
minidlna = 91; minidlna = 91;
elasticsearch = 92; elasticsearch = 92;
tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice. tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
zope2 = 94; #connman = 94; # unused
firebird = 95; firebird = 95;
redis = 96; #keys = 96; # unused
haproxy = 97; haproxy = 97;
mongodb = 98; mongodb = 98;
openldap = 99; openldap = 99;
memcached = 100; #users = 100; # unused
cgminer = 101; cgminer = 101;
munin = 102; munin = 102;
logcheck = 103; logcheck = 103;
@ -129,6 +146,7 @@
foundationdb = 118; foundationdb = 118;
newrelic = 119; newrelic = 119;
starbound = 120; starbound = 120;
#grsecurity = 121; # unused
hydra = 122; hydra = 122;
spiped = 123; spiped = 123;
teamspeak = 124; teamspeak = 124;
@ -138,7 +156,7 @@
znc = 128; znc = 128;
polipo = 129; polipo = 129;
mopidy = 130; mopidy = 130;
unifi = 131; #docker = 131; # unused
gdm = 132; gdm = 132;
dhcpd = 133; dhcpd = 133;
siproxd = 134; siproxd = 134;
@ -180,7 +198,19 @@
panamax = 170; panamax = 170;
marathon = 171; marathon = 171;
exim = 172; exim = 172;
#fleet = 173; # unused
#input = 174; # unused
sddm = 175; sddm = 175;
tss = 176;
memcached = 177;
nscd = 178;
ntp = 179;
zabbix = 180;
redis = 181;
sshd = 182;
unifi = 183;
uptimed = 184;
zope2 = 185;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -200,15 +230,16 @@
ftp = 8; ftp = 8;
bitlbee = 9; bitlbee = 9;
avahi = 10; avahi = 10;
#nagios = 11; # unused
atd = 12; atd = 12;
postfix = 13; postfix = 13;
postdrop = 14; postdrop = 14;
dovecot = 15; dovecot = 15;
tomcat = 16;
audio = 17; audio = 17;
floppy = 18; floppy = 18;
uucp = 19; uucp = 19;
lp = 20; lp = 20;
tomcat = 21;
pulseaudio = 22; # must match `pulseaudio' UID pulseaudio = 22; # must match `pulseaudio' UID
gpsd = 23; gpsd = 23;
cdrom = 24; cdrom = 24;
@ -217,21 +248,30 @@
dialout = 27; dialout = 27;
#polkituser = 28; # currently unused, polkitd doesn't need a group #polkituser = 28; # currently unused, polkitd doesn't need a group
utmp = 29; utmp = 29;
#ddclient = 30; # unused
davfs2 = 31; davfs2 = 31;
privoxy = 32; privoxy = 32;
disnix = 33; disnix = 33;
osgi = 34; osgi = 34;
tor = 35; tor = 35;
ghostOne = 40; #cups = 36; # unused
#foldingathome = 37; # unused
#sabnzd = 38; # unused
#kdm = 39; # unused
ghostone = 40;
git = 41; git = 41;
fourstore = 42; fourstore = 42;
fourstorehttpd = 43; fourstorehttp = 43;
virtuoso = 44; virtuoso = 44;
#rtkit = 45; # unused
dovecot2 = 46; dovecot2 = 46;
#dovenull = 47; # unused
#unbound = 48; # unused
prayer = 49; prayer = 49;
mpd = 50; mpd = 50;
clamav = 51; clamav = 51;
fprot = 52; fprot = 52;
#bind = 53; # unused
wwwrun = 54; wwwrun = 54;
adm = 55; adm = 55;
spamd = 56; spamd = 56;
@ -239,6 +279,7 @@
nslcd = 58; nslcd = 58;
scanner = 59; scanner = 59;
nginx = 60; nginx = 60;
#chrony = 61; # unused
systemd-journal = 62; systemd-journal = 62;
smtpd = 63; smtpd = 63;
smtpq = 64; smtpq = 64;
@ -246,6 +287,7 @@
iodined = 66; iodined = 66;
libvirtd = 67; libvirtd = 67;
graphite = 68; graphite = 68;
#statsd = 69; # unused
transmission = 70; transmission = 70;
postgres = 71; postgres = 71;
vboxusers = 72; vboxusers = 72;
@ -268,11 +310,17 @@
quassel = 89; quassel = 89;
amule = 90; amule = 90;
minidlna = 91; minidlna = 91;
haproxy = 92; #elasticsearch = 92; # unused
openldap = 93; #tcpcryptd = 93; # unused
connman = 94; connman = 94;
munin = 95; firebird = 95;
keys = 96; keys = 96;
haproxy = 97;
#mongodb = 98; # unused
openldap = 99;
munin = 102;
#logcheck = 103; # unused
#nix-ssh = 104; # unused
dictd = 105; dictd = 105;
couchdb = 106; couchdb = 106;
searx = 107; searx = 107;
@ -280,8 +328,12 @@
jenkins = 109; jenkins = 109;
systemd-journal-gateway = 110; systemd-journal-gateway = 110;
notbit = 111; notbit = 111;
#ngircd = 112; # unused
btsync = 113; btsync = 113;
#minecraft = 114; # unused
monetdb = 115; monetdb = 115;
#ripped = 116; # unused
#murmur = 117; # unused
foundationdb = 118; foundationdb = 118;
newrelic = 119; newrelic = 119;
starbound = 120; starbound = 120;
@ -291,39 +343,62 @@
teamspeak = 124; teamspeak = 124;
influxdb = 125; influxdb = 125;
nsd = 126; nsd = 126;
firebird = 127; #gitolite = 127; # unused
znc = 128; znc = 128;
polipo = 129; polipo = 129;
mopidy = 130; mopidy = 130;
docker = 131; docker = 131;
gdm = 132; gdm = 132;
tss = 133; #dhcpcd = 133; # unused
siproxd = 134; siproxd = 134;
mlmmj = 135; mlmmj = 135;
#neo4j = 136; # unused
riemann = 137; riemann = 137;
riemanndash = 138; riemanndash = 138;
#radvd = 139; # unused
#zookeeper = 140; # unused
#dnsmasq = 141; # unused
uhub = 142; uhub = 142;
#yandexdisk = 143; # unused
#collectd = 144; # unused
#consul = 145; # unused
mailpile = 146; mailpile = 146;
redmine = 147; redmine = 147;
seeks = 148; seeks = 148;
prosody = 149; prosody = 149;
i2pd = 150; i2pd = 150;
#dnscrypt-proxy = 151; # unused
systemd-network = 152; systemd-network = 152;
systemd-resolve = 153; systemd-resolve = 153;
systemd-timesync = 154; systemd-timesync = 154;
liquidsoap = 155; liquidsoap = 155;
#etcd = 156; # unused
#docker-registry = 157; # unused
hbase = 158; hbase = 158;
opentsdb = 159; opentsdb = 159;
scollector = 160; scollector = 160;
bosun = 161; bosun = 161;
kubernetes = 162; kubernetes = 162;
#peerflix = 163; # unused
#chronos = 164; # unused
gitlab = 165; gitlab = 165;
nylon = 168; nylon = 168;
panamax = 170; panamax = 170;
#marathon = 171; # unused
exim = 172; exim = 172;
fleet = 173; fleet = 173;
input = 174; input = 174;
sddm = 175; sddm = 175;
tss = 176;
#memcached = 177; # unused
#nscd = 178; # unused
#ntp = 179; # unused
#zabbix = 180; # unused
#redis = 181; # unused
#sshd = 182; # unused
#unifi = 183; # unused
#uptimed = 184; # unused
#zope2 = 185; # unused
# When adding a gid, make sure it doesn't match an existing # When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal # uid. Users and groups with the same name should have equal