linux-test-project / ltp

Linux Test Project (mailing list: https://lists.linux.it/listinfo/ltp)
https://linux-test-project.readthedocs.io/
GNU General Public License v2.0

Better handling required user and group #468

Open pevik opened 5 years ago

pevik commented 5 years ago

LTP requires a special user and group to be present (check the IDcheck.sh script). Instead of hard-wiring them in tests it'd be great to have tst_user() and tst_group() which would allow via environment variables to use alternative ones.

+ adding test flag .needs_user = 1 (C API) and TST_NEEDS_USER (shell API) which would:
1) check for $TST_USER and use it if it exists (this should have default "nobody")
2) create a temporary user if $TST_USER does not exist, which would be deleted after the test (see code in testcases/kernel/syscalls/add_key/add_key05.c).

Not sure if sharing a user between tests is ok (probably is). Allowing a default helps embedded distros, which might not have the useradd binary (adding C code for adding a new user would be error prone and IMHO would not work for embedded and Android distros).

C API may also add SAFE_USERADD() and SAFE_USERDEL() for tests which need more users (at least testcases/kernel/syscalls/add_key/add_key05.c), maybe shell API needs that as well.

There are many tests which would benefit from it, e.g. (incomplete list):
testcases/kernel/syscalls/add_key/add_key05.c
testcases/kernel/syscalls/chmod/chmod05.c
testcases/kernel/syscalls/chdir/chdir03.c
testcases/kernel/syscalls/ipc/shmget/shmget04.c
testcases/kernel/fs/read_all/read_all.c
testcases/kernel/security/dirtyc0w/dirtyc0w.c

UPDATE: most tests now just use user 'nobody' and group 'nogroup', but AOSP requires using GID 'daemon' instead of 'nogroup', see https://lore.kernel.org/ltp/YVtBt+WeskISn5+9@pevik/T/#t

This should be handled in the library + allowing to redefine required users would be enough.

dzedro commented 4 years ago

Working on it, ideally both C & Shell API

pevik commented 1 month ago

Some custom user adding: https://patchwork.ozlabs.org/project/ltp/patch/20240828134551.6344-1-wegao@suse.com/

I sent an alternative approach for the isofs.sh fix for SLE-Micro in https://patchwork.ozlabs.org/project/ltp/patch/20240830113913.49675-1-pvorel@suse.cz/

It uses the 'nobody' user and detects the group name (Debian uses 'nogroup' instead of 'nobody'). That is a quick fix for 'isofs.sh'.

But from a long-term perspective I suppose LTP should finally replace the IDcheck.sh script with user/group support in the library (both C and shell API).

I propose to use the same as my fix for isofs.sh: use the 'nobody' user, detect its group name. I would also create a new user if 'nobody' does not exist. The downside is that it would be run more times than just after the installation. For C API tests this check could be run based on some flag: C API struct tst_test new tag (e.g. .needs_user = 1), shell API: NEEDS_USER=1 and the check would be run only for these tests.
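
The lookup discussed in this thread ($TST_USER with default 'nobody' from the opening comment, group name detected rather than hard-coded from the comment above), as an added example that is not part of the thread or of LTP's library. `struct test_id`, `pick_user_name()` and `resolve_test_id()` are hypothetical names, and detecting the group through the user's primary GID is an assumption about how the detection could be done.

```c
#define _POSIX_C_SOURCE 200809L
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for the resolved identity; not an LTP type. */
struct test_id {
	uid_t uid;
	gid_t gid;
	char user[64], group[64];	/* group is "" if the GID has no entry */
};

/* $TST_USER (name proposed in the issue) overrides the default "nobody". */
static const char *pick_user_name(void)
{
	const char *env = getenv("TST_USER");
	return (env && *env) ? env : "nobody";
}

/* Look the user up and take the group from its primary GID, so neither
 * "nobody" nor "nogroup" is hard-coded as the group name. Returns 0 on
 * success, -1 if the user does not exist (caller skips or creates one). */
static int resolve_test_id(const char *name, struct test_id *id)
{
	struct passwd *pw = getpwnam(name);
	struct group *gr;

	if (!pw)
		return -1;
	id->uid = pw->pw_uid;
	id->gid = pw->pw_gid;
	snprintf(id->user, sizeof(id->user), "%s", pw->pw_name);
	gr = getgrgid(id->gid);
	snprintf(id->group, sizeof(id->group), "%s", gr ? gr->gr_name : "");
	return 0;
}

int main(void)
{
	struct test_id id;
	const char *name = pick_user_name();

	if (resolve_test_id(name, &id)) {
		printf("skip: user '%s' not found\n", name);
		return 1;
	}
	printf("%s(%d):%s(%d)\n", id.user, (int)id.uid, id.group, (int)id.gid);
	return 0;
}
```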

pevik commented 1 month ago

NOTE how many tests rely on nobody:nobody or nobody:nogroup user (mostly in syscalls, but not limited to it, even one openposix test needs it):

$ git grep -l -e 'getpwnam."nobody"' -e static.*char.*'"nobody"' -e nobody.*pw_uid -e 'SAFE_SETGID.*"nobody"' -e 'SAFE_GETPWNAM.."nobody"' -e 'char.*user.*"nobody"' testcases/ |wc -l
66

IMHO all tests which use other non-root user should migrate to nobody:nobody / nobody:nogroup.

Also we have SAFE_GETGRNAM_FALLBACK() since https://github.com/linux-test-project/ltp/commit/dc1ee874e6eb7281c326556c415e0c4978ce1ba8, which is used in two tests:

https://github.com/linux-test-project/ltp/blob/6c3293c6fc20e7753433df9b7e0cd4107904bde3/testcases/kernel/syscalls/fchmod/fchmod02.c#L53-L54 https://github.com/linux-test-project/ltp/blob/6c3293c6fc20e7753433df9b7e0cd4107904bde3/testcases/kernel/syscalls/fchmod/fchmod02.c#L53-L54

Added in https://github.com/linux-test-project/ltp/commit/065698df608a96bb5edd9bb4ac8181f676eb7e06 https://github.com/linux-test-project/ltp/commit/fbdb9f8cacf0095deb9886debccfddf50c137356.

@patils @edliaw I wonder if one can create a user on Android/AOSP or we really need to determine which users are available (in that case instead of creating a missing user there could be a reasonable default - user nobody + detect its group name, but that could be redefined for AOSP + maybe allow to specify the user via an environment variable).

edliaw commented 1 month ago

@pevik Unfortunately we can't create users afaik; the users/groups are defined here: https://cs.android.com/android/_/android/platform/system/core/+/main:libcutils/include/private/android_filesystem_config.h. Most of the tests in AOSP run with the root or shell UID.