system/skeleton: use uid/gid 65534 for nobody/nogroup

As recently discussed on lwn.net: https://lwn.net/Articles/695478/

The kernel has special behaviour for uid/gid 65534:

1. The kernel maps UIDs > 65535 to it when some subsystem/API/fs
   only supports 16bit UIDs, but a 32bit UID is passed to it.

2. it's used by the kernel's user namespacing as the internal UID
   that external UIDs are mapped to that don't have any local mapping.

3. It's used by NFS for all user IDs that cannot be mapped locally if
   UID mapping is enabled.

Most distributions already map (or are in the progress of changing)
nobody/nogroup to the 65534 uid/gid, so lets do so as well.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

diff --git a/system/skeleton/etc/group b/system/skeleton/etc/group
index c813da20229ce7e1bf006672afde314167862e0b..76346b35f2da0d79e5ab4e79459eb1ecff3cd7f0 100644 (file)
--- a/system/skeleton/etc/group
+++ b/system/skeleton/etc/group
@@ -22,5 +22,5 @@ plugdev:x:46:
 staff:x:50:
 lock:x:54:
 netdev:x:82:
-nogroup:x:99:
 users:x:100:
+nogroup:x:65534:

diff --git a/system/skeleton/etc/passwd b/system/skeleton/etc/passwd
index 883265ad6fc6a51eae758f8df9fb0c1cea32f063..d8281d2585362b698a26b340074ecc4c9adc5151 100644 (file)
--- a/system/skeleton/etc/passwd
+++ b/system/skeleton/etc/passwd
@@ -6,4 +6,4 @@ sync:x:4:100:sync:/bin:/bin/sync
 mail:x:8:8:mail:/var/spool/mail:/bin/false
 www-data:x:33:33:www-data:/var/www:/bin/false
 operator:x:37:37:Operator:/var:/bin/false
-nobody:x:99:99:nobody:/home:/bin/false
+nobody:x:65534:65534:nobody:/home:/bin/false