[Pkg-shadow-devel] Static uid/gid request for xrootd server

[Colin Watson]

On Fri, Mar 07, 2025 at 10:38:54AM +0100, Mattias Ellert wrote:
>I would like to request static gid/uid allocation for the xrootd
>server.
>
>The need for a fixed uid was raised by upstream in an issue on the
>xrootd github repository:
>
>https://github.com/xrootd/xrootd/issues/2433#issuecomment-2701010275
>
>"Is it possible to also request a fixed, assigned UID for the xrootd
>user on those platforms as there is for condor?
>
>Just this week we hit an issue where the system UID for xrootd did not
>match the container UID for xrootd, causing failures in having xrootd
>access SMB/CIFS-based filesystems (this is because the kernel invokes
>cifs-upcall in the system namespace while the access occurred from the
>container)."

I might be tentatively OK with this from the base-passwd point of view, 
although it's not really ideal.  In this case, the restriction doesn't 
appear to be that the ID has to be the same across different systems; it 
just has to be the same between host and container on a given system.  
I'm not sure if it's ever possible for the host and the container to be 
of different distributions, for example, but it would be a problem if 
they were.  So assigning a static ID seems to be at the same time too 
much and not enough.

How is the container created in this case?  Would it perhaps be possible 
to inject something into it that fixes the xrootd user's ID based on 
that in use on the host?

-- 
Colin Watson (he/him)                              [cjwatson at debian.org]