serpent-os / boulder-d-legacy

Replaced by Rust tooling
https://serpentos.com

Parse /etc/passwd for suitably unprivileged user to use for builds #4

Closed ermo closed 2 years ago

ermo commented 2 years ago

Currently, this user is hardcoded to uid 65_534 (the "default" nobody UID) in source/boulder/stages/package.d.

However, this breaks on Fedora because Fedora uses uid 65_534 for the separate nfsnobody user (likely for security purposes), whereas the "normal" nobody user has uid 99.

The suggested approach is to use (a variant of) getpwent and then cache the resulting uid in a Thread Global immutable __gshared unprivilegedUser variable in the boulder main() function.

ermo commented 2 years ago

Fixed in https://github.com/serpent-os/boulder/commit/c63b7b20d23f09bc867f8b900fcec1960a4b3c4c
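The lookup suggested in the issue, shown as an added example (not boulder's code and not the linked commit): it resolves the build user's uid by login name rather than assuming 65534. It is written in C and parses passwd-format text directly instead of calling getpwent so that it can run on the embedded samples, which are constructed to mirror the two layouts the issue describes; `lookup_uid` is a hypothetical name, and rejecting uid 0 is an added assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed samples mirroring the two layouts described in the issue. */
static const char FEDORA_LIKE[] =
    "root:x:0:0:root:/root:/bin/bash\n"
    "nobody:x:99:99:Nobody:/:/sbin/nologin\n"
    "nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin\n";
static const char DEBIAN_LIKE[] =
    "root:x:0:0:root:/root:/bin/bash\n"
    "nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n";

/* Return the uid of login `name` in passwd-format `text`, or -1 if the entry
   is missing, malformed, or maps to uid 0 (assumption: a build user must
   never resolve to root). */
long lookup_uid(const char *text, const char *name)
{
    size_t nlen = strlen(name);
    for (const char *line = text; line && *line; ) {
        const char *eol = strchr(line, '\n');
        /* Exact match: the name must be followed directly by ':' so that
           "nobody" matches neither "nobody2" nor "nfsnobody". */
        if (strncmp(line, name, nlen) == 0 && line[nlen] == ':') {
            /* Skip the password field to reach the uid field. */
            const char *sep = strchr(line + nlen + 1, ':');
            if (!sep || (eol && sep > eol))
                return -1;              /* truncated entry */
            char *end;
            errno = 0;
            long uid = strtol(sep + 1, &end, 10);
            if (errno || end == sep + 1 || *end != ':' || uid <= 0)
                return -1;              /* non-numeric, unterminated, or root */
            return uid;
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;
}

int main(void)
{
    printf("fedora-like nobody: %ld, debian-like nobody: %ld\n",
           lookup_uid(FEDORA_LIKE, "nobody"), lookup_uid(DEBIAN_LIKE, "nobody"));
    return 0;
}
```

A caller would resolve the uid once at startup and treat -1 as a fatal error rather than falling back to a hardcoded value.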