Bug#932103: RFP: fuidshift -- remap a filesystem tree to shift one set of UID/GID ranges to another

To: Nicholas D Steeves <nsteeves@gmail.com>
Cc: 932103@bugs.debian.org, debian-devel@lists.debian.org
Subject: Bug#932103: RFP: fuidshift -- remap a filesystem tree to shift one set of UID/GID ranges to another
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 16 Jul 2019 23:11:24 +0200
Message-id: <[🔎] 87tvblznur.fsf@mid.deneb.enyo.de>
Reply-to: Florian Weimer <fw@deneb.enyo.de>, 932103@bugs.debian.org
In-reply-to: <[🔎] 156316420192.15982.13684164100463592524.reportbug@DigitalMercury.dynalias.net> (Nicholas D. Steeves's message of "Mon, 15 Jul 2019 00:16:41 -0400")
References: <[🔎] 156316420192.15982.13684164100463592524.reportbug@DigitalMercury.dynalias.net> <[🔎] 156316420192.15982.13684164100463592524.reportbug@DigitalMercury.dynalias.net>

* Nicholas D. Steeves:

> Package name    : fuidshift
> Version         : 3.0
> Upstream Author : Name <somebody@example.org>
> URL             : https://github.com/lxc/lxd/tree/master/fuidshift
> License         : Apache 2.0
> Programming Lang: Go
> Description : remap a filesystem tree to shift one set of UID/GID
> ranges to another
>
> Fuidshift is useful for converting privileged containers to
> unprivileged ones, and also to adapt a container master to multiple
> users' authorised subuid and subguid ranges.  It also sounds like it
> might be useful for fixing up cases where --numeric-owner should have
> been used, but where it would be too labour-intensive to manually chown.
>
> I learned about this tool via the following document:
>   https://github.com/BenSartor/unprivileged-lxc-containers
>
> Here is the upstream description:
>
>   This tool lets you remap a filesystem tree, switching it from one
>   set of UID/GID ranges to another.
>   This is mostly useful when retrieving a wrongly shifted filesystem tree
>   from a backup or broken system and having to remap everything either to
>   the host UID/GID range (uid/gid 0 is root) or to an existing container's
>   range.
>   A range is represented as <u|b|g>:<first_container_id>:<first_host_id>:<size>.
>   Where "u" means shift uid, "g" means shift gid and "b" means shift
> uid and gid.
>
> https://github.com/lxc/lxd/blob/81b81b9ace3064c8065319f4e984378244587d80/fuidshift/main_shift.go#L26-L36
>
> It's part of the LXD project, but I'm not sure if it's as difficult to
> package as LXD itself, which is one reason why I've CCed the Go team.
> I also wonder if the best way to get this into Debian would be a
> src:lxd that produces bin:fuidshift.

How does this compare to (or interact with) newuidmap and newgidmap
from uidmap?

There's a push to force uidmap on everyone, with tight integration
into NSS.  If there's a competing scheme, it would be helpful to know
about it.

Reply to:

Follow-Ups:
- Bug#932103: RFP: fuidshift -- remap a filesystem tree to shift one set of UID/GID ranges to another
  - From: Vincent Tondellier <tonton+dbug@team1664.org>

References:
- Bug#932103: RFP: fuidshift -- remap a filesystem tree to shift one set of UID/GID ranges to another
  - From: Nicholas D Steeves <nsteeves@gmail.com>

Prev by Date: Bug#932164: marked as done (ITP: r-cran-timereg -- GNU R flexible regression models for survival data)
Next by Date: Bug#932244: ITP: libphp-easyrdf -- A PHP library for RDF
Previous by thread: Bug#932103: RFP: fuidshift -- remap a filesystem tree to shift one set of UID/GID ranges to another
Next by thread: Bug#932103: RFP: fuidshift -- remap a filesystem tree to shift one set of UID/GID ranges to another
Index(es):
- Date
- Thread