From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:42351)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1e1pCt-0005Qn-AW
	for qemu-devel@nongnu.org; Tue, 10 Oct 2017 03:44:09 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1e1pCq-0007zS-5d
	for qemu-devel@nongnu.org; Tue, 10 Oct 2017 03:44:03 -0400
Received: from mx1.redhat.com ([209.132.183.28]:51340)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <armbru@redhat.com>) id 1e1pCp-0007yo-VW
	for qemu-devel@nongnu.org; Tue, 10 Oct 2017 03:44:00 -0400
From: Markus Armbruster <armbru@redhat.com>
References: <1507133891-26013-1-git-send-email-ian.jackson@eu.citrix.com>
	<1507133891-26013-8-git-send-email-ian.jackson@eu.citrix.com>
	<877ew4ub3u.fsf@dusky.pond.sub.org>
	<23003.36902.664875.346194@mariner.uk.xensource.com>
Date: Tue, 10 Oct 2017 09:43:56 +0200
In-Reply-To: <23003.36902.664875.346194@mariner.uk.xensource.com> (Ian
	Jackson's message of "Mon, 9 Oct 2017 16:05:10 +0100")
Message-ID: <878tgjla6b.fsf@dusky.pond.sub.org>
MIME-Version: 1.0
Content-Type: text/plain
Subject: Re: [Qemu-devel] [PATCH 7/8] os-posix: Provide new -runasid option
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Juergen Gross <jgross@suse.com>, Stefano Stabellini <sstabellini@kernel.org>, qemu-devel@nongnu.org, Ross Lagerwall <ross.lagerwall@citrix.com>, Anthony PERARD <anthony.perard@citrix.com>, xen-devel@lists.xenproject.org, xen-devel@nongnu.org

Ian Jackson <ian.jackson@eu.citrix.com> writes:

> Markus Armbruster writes ("Re: [Qemu-devel] [PATCH 7/8] os-posix: Provide new -runasid option"):
>> The last thing the QEMU command line needs is more exotic options.  Are
>> you sure we need a new one here?  Can we make existing -runas serve?
>> Precedence: Coreutils[*].  Pseudo-code:
>> 
>>     if argument is a decimal number starting with '+':
>>         user ID
>>     else if argument is a valid user name:
>>         user name
>>     else if argument is a valid user ID:
>>         user ID
>>     else:
>>         error
>
> I can do this.  So -runas <uid>.<gid> then.  I don't think it makes
> sense to try to -runas <uid> because: you wouldn't have a username
> to pass to initgroups: not calling initgroups would be a bear trap;
> and otherwise we wouldn't know what gid to use.

Actually, a numeric UID without group name or ID could be made to work
just fine as long as it maps to a user name.  The use case may not be
worth the bother, though.

Using '.' to separate user and group is suboptimal, because POSIX
portable user and group names may contain it:

    3.426 User Name

    A string that is used to identify a user; see also User Database.
    To be portable across systems conforming to IEEE Std 1003.1-2001,
    the value is composed of characters from the portable filename
    character set.  The hyphen should not be used as the first character
    of a portable user name.

and

    3.276 Portable Filename Character Set

    The set of characters from which portable filenames are constructed.

        A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
        a b c d e f g h i j k l m n o p q r s t u v w x y z
        0 1 2 3 4 5 6 7 8 9 . _ -

http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap03.html

Coreutils uses ':'.  Let's follow its lead.

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Markus Armbruster <armbru@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 7/8] os-posix: Provide new
	-runasid option
Date: Tue, 10 Oct 2017 09:43:56 +0200
Message-ID: <878tgjla6b.fsf@dusky.pond.sub.org>
References: <1507133891-26013-1-git-send-email-ian.jackson@eu.citrix.com>
 <1507133891-26013-8-git-send-email-ian.jackson@eu.citrix.com>
 <877ew4ub3u.fsf@dusky.pond.sub.org>
 <23003.36902.664875.346194@mariner.uk.xensource.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta6.messagelabs.com ([193.109.254.103])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <armbru@redhat.com>) id 1e1pCr-0004NS-Qk
 for xen-devel@lists.xenproject.org; Tue, 10 Oct 2017 07:44:01 +0000
In-Reply-To: <23003.36902.664875.346194@mariner.uk.xensource.com> (Ian
 Jackson's message of "Mon, 9 Oct 2017 16:05:10 +0100")
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
To: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Juergen Gross <jgross@suse.com>, Stefano Stabellini <sstabellini@kernel.org>, qemu-devel@nongnu.org, Ross Lagerwall <ross.lagerwall@citrix.com>, Anthony PERARD <anthony.perard@citrix.com>, xen-devel@lists.xenproject.org, xen-devel@nongnu.org
List-Id: xen-devel@lists.xenproject.org

SWFuIEphY2tzb24gPGlhbi5qYWNrc29uQGV1LmNpdHJpeC5jb20+IHdyaXRlczoKCj4gTWFya3Vz
IEFybWJydXN0ZXIgd3JpdGVzICgiUmU6IFtRZW11LWRldmVsXSBbUEFUQ0ggNy84XSBvcy1wb3Np
eDogUHJvdmlkZSBuZXcgLXJ1bmFzaWQgb3B0aW9uIik6Cj4+IFRoZSBsYXN0IHRoaW5nIHRoZSBR
RU1VIGNvbW1hbmQgbGluZSBuZWVkcyBpcyBtb3JlIGV4b3RpYyBvcHRpb25zLiAgQXJlCj4+IHlv
dSBzdXJlIHdlIG5lZWQgYSBuZXcgb25lIGhlcmU/ICBDYW4gd2UgbWFrZSBleGlzdGluZyAtcnVu
YXMgc2VydmU/Cj4+IFByZWNlZGVuY2U6IENvcmV1dGlsc1sqXS4gIFBzZXVkby1jb2RlOgo+PiAK
Pj4gICAgIGlmIGFyZ3VtZW50IGlzIGEgZGVjaW1hbCBudW1iZXIgc3RhcnRpbmcgd2l0aCAnKyc6
Cj4+ICAgICAgICAgdXNlciBJRAo+PiAgICAgZWxzZSBpZiBhcmd1bWVudCBpcyBhIHZhbGlkIHVz
ZXIgbmFtZToKPj4gICAgICAgICB1c2VyIG5hbWUKPj4gICAgIGVsc2UgaWYgYXJndW1lbnQgaXMg
YSB2YWxpZCB1c2VyIElEOgo+PiAgICAgICAgIHVzZXIgSUQKPj4gICAgIGVsc2U6Cj4+ICAgICAg
ICAgZXJyb3IKPgo+IEkgY2FuIGRvIHRoaXMuICBTbyAtcnVuYXMgPHVpZD4uPGdpZD4gdGhlbi4g
IEkgZG9uJ3QgdGhpbmsgaXQgbWFrZXMKPiBzZW5zZSB0byB0cnkgdG8gLXJ1bmFzIDx1aWQ+IGJl
Y2F1c2U6IHlvdSB3b3VsZG4ndCBoYXZlIGEgdXNlcm5hbWUKPiB0byBwYXNzIHRvIGluaXRncm91
cHM6IG5vdCBjYWxsaW5nIGluaXRncm91cHMgd291bGQgYmUgYSBiZWFyIHRyYXA7Cj4gYW5kIG90
aGVyd2lzZSB3ZSB3b3VsZG4ndCBrbm93IHdoYXQgZ2lkIHRvIHVzZS4KCkFjdHVhbGx5LCBhIG51
bWVyaWMgVUlEIHdpdGhvdXQgZ3JvdXAgbmFtZSBvciBJRCBjb3VsZCBiZSBtYWRlIHRvIHdvcmsK
anVzdCBmaW5lIGFzIGxvbmcgYXMgaXQgbWFwcyB0byBhIHVzZXIgbmFtZS4gIFRoZSB1c2UgY2Fz
ZSBtYXkgbm90IGJlCndvcnRoIHRoZSBib3RoZXIsIHRob3VnaC4KClVzaW5nICcuJyB0byBzZXBh
cmF0ZSB1c2VyIGFuZCBncm91cCBpcyBzdWJvcHRpbWFsLCBiZWNhdXNlIFBPU0lYCnBvcnRhYmxl
IHVzZXIgYW5kIGdyb3VwIG5hbWVzIG1heSBjb250YWluIGl0OgoKICAgIDMuNDI2IFVzZXIgTmFt
ZQoKICAgIEEgc3RyaW5nIHRoYXQgaXMgdXNlZCB0byBpZGVudGlmeSBhIHVzZXI7IHNlZSBhbHNv
IFVzZXIgRGF0YWJhc2UuCiAgICBUbyBiZSBwb3J0YWJsZSBhY3Jvc3Mgc3lzdGVtcyBjb25mb3Jt
aW5nIHRvIElFRUUgU3RkIDEwMDMuMS0yMDAxLAogICAgdGhlIHZhbHVlIGlzIGNvbXBvc2VkIG9m
IGNoYXJhY3RlcnMgZnJvbSB0aGUgcG9ydGFibGUgZmlsZW5hbWUKICAgIGNoYXJhY3RlciBzZXQu
ICBUaGUgaHlwaGVuIHNob3VsZCBub3QgYmUgdXNlZCBhcyB0aGUgZmlyc3QgY2hhcmFjdGVyCiAg
ICBvZiBhIHBvcnRhYmxlIHVzZXIgbmFtZS4KCmFuZAoKICAgIDMuMjc2IFBvcnRhYmxlIEZpbGVu
YW1lIENoYXJhY3RlciBTZXQKCiAgICBUaGUgc2V0IG9mIGNoYXJhY3RlcnMgZnJvbSB3aGljaCBw
b3J0YWJsZSBmaWxlbmFtZXMgYXJlIGNvbnN0cnVjdGVkLgoKICAgICAgICBBIEIgQyBEIEUgRiBH
IEggSSBKIEsgTCBNIE4gTyBQIFEgUiBTIFQgVSBWIFcgWCBZIFoKICAgICAgICBhIGIgYyBkIGUg
ZiBnIGggaSBqIGsgbCBtIG4gbyBwIHEgciBzIHQgdSB2IHcgeCB5IHoKICAgICAgICAwIDEgMiAz
IDQgNSA2IDcgOCA5IC4gXyAtCgpodHRwOi8vcHVicy5vcGVuZ3JvdXAub3JnL29ubGluZXB1YnMv
MDAwMDk1Mzk5L2Jhc2VkZWZzL3hiZF9jaGFwMDMuaHRtbAoKQ29yZXV0aWxzIHVzZXMgJzonLiAg
TGV0J3MgZm9sbG93IGl0cyBsZWFkLgoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX18KWGVuLWRldmVsIG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVu
Lm9yZwpodHRwczovL2xpc3RzLnhlbi5vcmcveGVuLWRldmVsCg==