Experimenting with fedora 17

I briefly tried Fedora 17, shortly after its release.  I did not spend much time with it, so I won’t call this a review.

For what I tested, it seemed mostly okay.  The only problem I had was that it didn’t work.  Well, it sort of worked, and sort of didn’t.  It doesn’t like users with uid < 1000.

The install went fine.  I had to go into expert mode to tell it to use the encrypted LVM that is already setup.  But it was not particularly difficult to get that working.

First login attempt

After the first boot, it prompts for a user to create.  So I defined my standard account, and told it to use a uid of 601 (which I normally do).  It did not like that, but it didn’t prohibit it.

When I tried to login on that account, it told me that the home directory was inaccessible.  The KDE login failed.  Then I got to a virtual terminal, and tried a command line login.  It told me that my home directory was inaccessible, so it changed my home directory to “/” but did log me in.  Then I did a “cd” to my normal home directory.  It was perfectly accessible, and I had both read and write access.

Frankly, this is absurd.  If it is a security measure, then it is too easy to bypass (as I just described).  If this is part of SELinux, then either SELinux is broken, or the Fedora implementation is broken.

Second login attempt

I created a second user.  This time, I did not insist on keeping the old uid.  It changed the uid to 1000, and did a “chown” on the user files for this user, to make them all owned by uid=1000.  A KDE login with that user went fine.

I subsequently found that it had only changed the uid for that user under its home directory.  That user had also owned a bunch of files elsewhere ( “/home/.ecryptfs/user” because I had been experimenting with encrypted home directory), but those still had the old uid.

A rant about UIDs

What’s with this uid nonsense?  I understand the advice to reserve UIDs < 1000 for system processes.  But it should be advice, not compulsion.

Linux is advertised as free software.  And it is emphasized that this is not free as in zero cost, but is free as in “freedom of speech”.  So why is big brother RedHat corporation trying to tighten the screws and restrict how I can use my system?

Comparison with opensuse

I have never had a problem with a uid of 601 using opensuse.  In a typical install, it asks for the user name.  Then the installer discovers that a home directory for that user already exists with uid=601, so it assigns 601 to that user.  This makes more sense than what happened with Fedora.

Some UID history

When I first started to use unix, the manuals advised (and not that this is advised, not compelled) that uids < 100 be reserved for future system use.  I was very generous, and reserved uids < 500.  Then I restricted 500-599 for special purpose local accounts, with regular accounts starting at 600.  And that’s how I finished up with a uid of 601.

I like to continue using 601, because I am still using some older systems with that uid.  And when copying files between systems, there are some benefits to having the same uid on all systems.  So, sure, I could change to a uid of 1000 or greater with only minor inconvenience.  But I don’t get the point of this being enforced by Fedora.  If Linux is free software, then we should be free to use it as best suits our own needs.

Advertisements

Tags:

About Neil Rickert

Mathematician and computer scientist who dabbles in cognitive science.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: