Re: Bug#932103: RFP: fuidshift -- remap a filesystem tree to shift one set of UID/GID ranges to another
On Tuesday 16 July 2019 23:11:24 Florian Weimer wrote:
> * Nicholas D. Steeves:
> > Package name : fuidshift
> > Version : 3.0
> > Upstream Author : Name <somebody@example.org>
> > URL : https://github.com/lxc/lxd/tree/master/fuidshift
> > License : Apache 2.0
> > Programming Lang: Go
> > Description : remap a filesystem tree to shift one set of UID/GID
> > ranges to another
...
> How does this compare to (or interact with) newuidmap and newgidmap
> from uidmap?
They do very different things.
Let me try a short description:
newuidmap - set the uid mapping of a user namespace (from manpage)
fuidshift - shift the uid/gid of files *on disk*
fuidshift is basically a recursive
chown $(( $(stat -c '%u' "$path") + $uidshift )) "$path"
It does not use or configure user namespaces or containers.
It's useful for the creation of container images, for example when the
container root filesystem is read-only (squashfs) and the container engine
can't change the uids at runtime (see for example systemd-nspawn
--private-users=pick / --private-users-chown).
So fuidshift may be used to prepare a directory for later use by newuidmap,
but that's about it.
> There's a push to force uidmap on everyone, with tight integration
> into NSS. If there's a competing scheme, it would be helpful to know
> about it.
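Added example, not part of the original message and not fuidshift's own code: the "recursive chown with an offset" described above, written out with the checks a real tree needs (range validation, symlinks left unfollowed, setuid/setgid modes restored). The helper names `shift_id` and `shift_tree` are hypothetical, and GNU stat/chown are assumed.

```shell
#!/bin/sh
# Added example, not fuidshift's own code. shift_id and shift_tree are
# hypothetical helper names. Requires GNU stat/chown (as on Debian).
MAX_ID=4294967294   # 4294967295 is (uid_t)-1, which chown treats as "no change"
NL='
'

# shift_id ID OFFSET: print ID+OFFSET, or fail if the result is not a valid id
shift_id() {
    new=$(( $1 + $2 ))
    [ "$new" -ge 0 ] && [ "$new" -le "$MAX_ID" ] || return 1
    echo "$new"
}

# shift_tree ROOT OFFSET [apply]: dry run by default, one line per entry:
#   path olduid:oldgid -> newuid:newgid
shift_tree() {
    root=$1; offset=$2; action=${3:-plan}
    # The loop below reads one path per line, so refuse names with newlines.
    if [ -n "$(find "$root" -xdev -name "*$NL*")" ]; then
        echo "shift_tree: file name contains a newline" >&2; return 1
    fi
    # -xdev keeps the walk on one filesystem; the subshell makes "exit" local.
    find "$root" -xdev | (
        while IFS= read -r path; do
            # stat does not follow symlinks unless given -L
            st=$(stat -c '%u %g %a' -- "$path") || exit 1
            set -- $st; u=$1; g=$2; perm=$3
            nu=$(shift_id "$u" "$offset") && ng=$(shift_id "$g" "$offset") || {
                echo "shift_tree: $path: $u:$g + $offset is out of range" >&2
                exit 1
            }
            if [ "$action" = apply ]; then
                # -h changes the link itself, never the file it points to
                chown -h -- "$nu:$ng" "$path" || exit 1
                # Linux clears setuid/setgid bits on chown of a regular
                # file, so put the recorded mode back (symlinks have none).
                [ -L "$path" ] || chmod -- "$perm" "$path" || exit 1
            else
                printf '%s %s:%s -> %s:%s\n' "$path" "$u" "$g" "$nu" "$ng"
            fi
        done
    )
}
```

Run it without the third argument first and review the plan; `apply` needs root.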