On Wed, Nov 16, 2016 at 04:31:34PM -0200, Mauricio Faria de Oliveira wrote:
> Hi Guido,
>
> On 11/15/2016 08:00 AM, Guido Günther wrote:
> > > What do you think of a debconf warning message/prompt, which
> > > > asks the user to confirm that it's OK not to use the uid/gid values,
> > > > and explains about the potential problem w/ guest migration over NFS?
>
> > Although it adds some complexity it makes the most sense. Are you going
> > to look into this?
>
> Yup. Looking.
Great!
>
> Meanwhile, is it a problem if the primary group of libvirt-qemu user
> changes from kvm to libvirt-qemu (ie, adduser --ingroup), then later
> the user is added to the kvm group (ie, adduser libvirt-qemu kvm) ?
I would rather not change this if not absolutely necessary, we've had
lot of subtle bugs due to only the primary group being inherited.
> This would help to check the gid in the debconf config script, since
> it can only use essential packages (ie, coreutils's id command), and
> the id command can only return the gid of the primary group.
$ /usr/bin/id libvirt-qemu
uid=117(libvirt-qemu) gid=126(kvm) groups=126(kvm),128(libvirt-qemu)
seems to have all you need. Am I missing something?
> A more conservative option is to directly grep for libvirt-qemu pattern
> in /etc/group. That should work as well.
No, you need to use getent or similar since the user/group might not be in
/etc/{passwd,group} (e.g. ldap).
Cheers,
-- Guido
