New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
os/user: query systemd’s User/Group Record Lookup API in non-cgo environments before parsing /etc/passwd? #38810
Comments
We could also implement LDAP, but we've historically decided not to. What is the use case we're addressing here? Why do programs that use os/user want to avoid using cgo? And should this functionality live in a third party package instead? |
While related, that’s a much different call IMO: here, we implement 1 reasonably small API and get access to all NSS plugins.
I’m not saying they do. I’m saying that when disabling cgo for whichever reason, there is a feature disparity in
It certainly could. The downside of course is that users then first need to discover that package. I think that instead of having each programmer find out about the |
Also /cc @bradfitz @kevinburke per owners. |
That's a pretty compelling argument, actually. As for whether we use os/exec: I don't feel strongly either way. Both options involve encoding/json, and the do-it-ourselves way doesn't look super invasive. I'd say do it ourselves if that meant running in more environments or if it was a hot path, but I can't imagine any environment that wouldn't have |
Cool! Does someone want to send a CL, or should I give it a shot when I find a minute? |
Looks like nobody wants to race me to it, so I’ll give it a shot over the weekend. |
Here’s how far I have come so far: stapelberg@87fae81 I’ll try and spend a few more minutes on turning this into a Gerrit CL for proper review next week. |
Sent the corresponding CL: https://go-review.googlesource.com/c/go/+/256218 |
Change https://go.dev/cl/459455 mentions this issue: |
Otherwise fall back to parsing /etc/passwd, etc. Co-authored-by: Ananth Bhaskararaman <antsub@gmail.com> Co-authored-by: Michael Stapelberg <stapelberg@google.com> Fixes golang#38810
Otherwise fall back to parsing /etc/passwd, etc. Co-authored-by: Ananth Bhaskararaman <antsub@gmail.com> Co-authored-by: Michael Stapelberg <stapelberg@google.com> Fixes golang#38810
Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Otherwise fall back to parsing /etc/passwd, etc. Co-authored-by: Ananth Bhaskararaman <antsub@gmail.com> Co-authored-by: Michael Stapelberg <stapelberg@google.com> Fixes golang#38810
Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
Fetch usernames and groups via systemd userdb if available. Otherwise fall back to parsing /etc/passwd, etc. Fixes golang#38810 Co-authored-by: Michael Stapelberg <stapelberg@google.com>
CL was reverted. |
Change https://go.dev/cl/478896 mentions this issue: |
I recently learnt about systemd’s “User/Group Record Lookup API via Varlink”.
It’s a new service introduced by systemd v245 (released March 6th 2020) which can take the role of getpwnam(3) and related calls.
We could consider this as an option for
os/user
, which currently integrates with Name Service Switch (NSS) only when cgo is available. In non-cgo environments, we could try queryingsystemd-userdbd.service(8)
before falling back to the current behavior of parsing/etc/passwd
.There are two possible ways to query the service:
Parsing
userdbctl --output=json
. The upside is that userdbctl itself queries NSS if systemd-userdbd is not working. The downside is that we are relying on an external process. I’m not sure how this is regarded in the standard library, and whether overhead of os/user is of concern?If we wanted to avoid the process overhead, we could integrate with systemd-userdbd directly. I implemented a <100-line proof of concept which prints just the user name. The User/Group Record Lookup API uses a subset of varlink, which boils down to sending and receiving 0-terminated JSON messages over a Unix socket.
Appendix:
userdbctl --output=json
OutputThe text was updated successfully, but these errors were encountered: