find(1) and group/user handling

[Paul Goyette]

WRT to your (kre's) PR bin/46158, I have to wonder ...

Assume there is an entry in the password database for a username "123"
but with uid value of 456. If find is invoked with '-user 123' should
we match this pw entry and compare the file's numeric owner with 456?
Or should find(1) treat an all-numeric username strictly as a number,
and compare in this case against 123?

In the latter case, it makes sense to allow the plus/minus prefix.

But if we decide that the "username" provided should be treated as a
name whenever possible, then it would not make sense to permit the
prefix. A '-user +123' should strictly match a username of +123; if
no such user exists (sidebar: are + and - valid characters in a
username?) we should treat the request as "any user id greater than
123".

In my opinion, the -user and -group primaries should work strictly with
_names_, and _never_ fallback to {u,g}id values; we could easily add
new primaries -uid and -gid to search for the numeric values. However,
this would make find(1) incompatible with existing versions.

Comments?


+------------------+--------------------------+------------------------+
| Paul Goyette | PGP Key fingerprint: | E-mail addresses: |
| (Retired) | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+------------------+--------------------------+------------------------+

[David Holland]

On Sun, Jun 12, 2016 at 08:10:27PM +0800, Paul Goyette wrote:
> In my opinion, the -user and -group primaries should work strictly with
> _names_, and _never_ fallback to {u,g}id values; we could easily add
> new primaries -uid and -gid to search for the numeric values. However,
> this would make find(1) incompatible with existing versions.
>
> Comments?

I agree; ambiguating what things do is usually not a good idea,
because eventually the result is that it does something you don't
expect and then you have to figure out both what it thought you meant
and what it did.

Maybe find . -user 123 should print "Warning: treating "123" as uid;
use -uid".

Usernames can't in practice begin with + and - because this conflicts
with the NIS "compat" syntax in the password file; also getty rejects
usernames beginning with - ever since someone discovered that logging
in as "-froot" would cause getty to exec "login -froot", and many
other programs that take usernames would interpret them as options
with unwanted results. So I wouldn't worry about that part.

--
David A. Holland
dhol...@netbsd.org

[David Holland]

On Sun, Jun 12, 2016 at 05:19:54PM +0000, David Holland wrote:
> On Sun, Jun 12, 2016 at 08:10:27PM +0800, Paul Goyette wrote:
> > In my opinion, the -user and -group primaries should work strictly with
> > _names_, and _never_ fallback to {u,g}id values; we could easily add
> > new primaries -uid and -gid to search for the numeric values. However,
> > this would make find(1) incompatible with existing versions.
> >
> > Comments?
>
> I agree; ambiguating what things do is usually not a good idea,
> because eventually the result is that it does something you don't
> expect and then you have to figure out both what it thought you meant
> and what it did.

> [...]

For now though I've fixed it so -user and -group at least behave the
same way.

[Paul Goyette]

Thanks!

Your earlier comments about user names not being allowed to start with a
plus or minus were informative. But what about group names? Can they
legally start with plus/minus? :)

[David Holland]

On Mon, Jun 13, 2016 at 06:00:52AM +0800, Paul Goyette wrote:
> >For now though I've fixed it so -user and -group at least behave the
> >same way.
>
> Thanks!
>
> Your earlier comments about user names not being allowed to start with a
> plus or minus were informative. But what about group names? Can they
> legally start with plus/minus? :)

Same syntax happens in the group file, so, effectively no.