'completion:*:*:*:users ignored-patterns' more robust #562

Open
wants to merge 3 commits into
from

Conversation

Projects
None yet
2 participants
@kernc

kernc commented Feb 24, 2014

Calculates ignored users at runtime by looking at passwd database and stripping all users with UID < 500. This should work on most unices except perhaps Solaris, which supposedly starts normal users at UID=100.

By my timings, this makes it only some 0.010s slower.

@sorin-ionescu

This comment has been minimized.

Show comment
Hide comment
@sorin-ionescu

sorin-ionescu Feb 25, 2014

Owner

Is this needed? Why?

Owner

sorin-ionescu commented Feb 25, 2014

Is this needed? Why?

@kernc

This comment has been minimized.

Show comment
Hide comment
@kernc

kernc Feb 25, 2014

Currently, ignored users are hardcoded with no recognition of whether they are available on the system or not. Likewise, users that are common on any recent e.g. GNU/Linux system are excluded from the list.

Here is the output of comm <(awk_command_from_patch | sort) <(echo 'lf-separated prezto users list' | sort) on my machine:

IN PASSWD       IN PREZTO       IN BOTH
                adm
                amanda
                apache
apt-cacher-ng
                                avahi
backup
                beaglidx
                                bin
                cacti
                canna
                                clamav
colord
                                daemon
                dbus
Debian-gdm
                distcache
dnsmasq
                dovecot
                fax
                ftp
                                games
                gdm
                gkrellmd
gnats
                gopher
                hacluster
                haldaemon
                halt
hplip
                hsqldb
                ident
irc
                junkbust
                ldap
libuuid
lightdm
list
                                lp
                                mail
                mailman
                mailnull
man
messagebus
                mldonkey
                mysql
                nagios
                named
                netdump
                                news
                nfsnobody
                nobody
                nscd
                                ntp
                nut
                nx
                openvpn
                operator
                pcap
                postfix
                postgres
                privoxy
proxy
                                pulse
                pvm
                quagga
                radvd
                rpc
                rpcuser
                rpm
rtkit
                shutdown
                squid
                sshd
                                sync
sys
usbmux
                                uucp
                vcsa
www-data
                xfs

Obviously, the current prezto directive does not do very well what it intends to.

Should list of relevant system users ever wish to be kept up-to-date, this patch alleviates any future burden associated with it.

This is my only argument.

kernc commented Feb 25, 2014

Currently, ignored users are hardcoded with no recognition of whether they are available on the system or not. Likewise, users that are common on any recent e.g. GNU/Linux system are excluded from the list.

Here is the output of comm <(awk_command_from_patch | sort) <(echo 'lf-separated prezto users list' | sort) on my machine:

IN PASSWD       IN PREZTO       IN BOTH
                adm
                amanda
                apache
apt-cacher-ng
                                avahi
backup
                beaglidx
                                bin
                cacti
                canna
                                clamav
colord
                                daemon
                dbus
Debian-gdm
                distcache
dnsmasq
                dovecot
                fax
                ftp
                                games
                gdm
                gkrellmd
gnats
                gopher
                hacluster
                haldaemon
                halt
hplip
                hsqldb
                ident
irc
                junkbust
                ldap
libuuid
lightdm
list
                                lp
                                mail
                mailman
                mailnull
man
messagebus
                mldonkey
                mysql
                nagios
                named
                netdump
                                news
                nfsnobody
                nobody
                nscd
                                ntp
                nut
                nx
                openvpn
                operator
                pcap
                postfix
                postgres
                privoxy
proxy
                                pulse
                pvm
                quagga
                radvd
                rpc
                rpcuser
                rpm
rtkit
                shutdown
                squid
                sshd
                                sync
sys
usbmux
                                uucp
                vcsa
www-data
                xfs

Obviously, the current prezto directive does not do very well what it intends to.

Should list of relevant system users ever wish to be kept up-to-date, this patch alleviates any future burden associated with it.

This is my only argument.

modules/completion/init.zsh
- operator pcap postfix postgres privoxy pulse pvm quagga radvd \
- rpc rpcuser rpm shutdown squid sshd sync uucp vcsa xfs '_*'
+zstyle ':completion:*:*:*:users' ignored-patterns nobody '_*' \
+ $(awk -F: '$3 < 500 && $1 != "root" {printf "%s ", $1}' /etc/passwd)

This comment has been minimized.

@sorin-ionescu

sorin-ionescu Feb 25, 2014

Owner

It does not escape comments. You need a regex to filter account lines.

@sorin-ionescu

sorin-ionescu Feb 25, 2014

Owner

It does not escape comments. You need a regex to filter account lines.

This comment has been minimized.

@kernc

kernc Feb 25, 2014

I'm not sure I understand what you mean. Filter out comments from the passwd database? I can't say I know from experience, but this page suggests passwd file cannot hold comments.

@kernc

kernc Feb 25, 2014

I'm not sure I understand what you mean. Filter out comments from the passwd database? I can't say I know from experience, but this page suggests passwd file cannot hold comments.

This comment has been minimized.

@sorin-ionescu

sorin-ionescu Feb 26, 2014

Owner

It does hold comments on Mac OS X.

@sorin-ionescu

sorin-ionescu Feb 26, 2014

Owner

It does hold comments on Mac OS X.

@sorin-ionescu

This comment has been minimized.

Show comment
Hide comment
@sorin-ionescu

sorin-ionescu Feb 25, 2014

Owner

As for Solaris, see bellow.

UID numbers for users range from 100 to 60000. Values 0 through 99 are reserved for system accounts. UID number 60001 is reserved for the nobody account. UID number 60002 is reserved for the noaccess account.

Owner

sorin-ionescu commented Feb 25, 2014

As for Solaris, see bellow.

UID numbers for users range from 100 to 60000. Values 0 through 99 are reserved for system accounts. UID number 60001 is reserved for the nobody account. UID number 60002 is reserved for the noaccess account.

@kernc

This comment has been minimized.

Show comment
Hide comment
@kernc

kernc Feb 25, 2014

Yes, weirdo Solaris, only reserving 100 UID/GID combos for services. :D
What I can suggest is adding nobody4 and noaccess hardcoded, while the minority of other heavy Solaris users that use zsh would need to specify usernames manually. Unless there is some trivial and inexpensive way to check whether we are Solaris. It could also work with various other heuristics such as $6 matching /home/.*, for a valid user's home, and/or $7 matching /bin/.*?sh, for a valid shell; but the reliability of these heuristics is somewhat questionable.

kernc commented Feb 25, 2014

Yes, weirdo Solaris, only reserving 100 UID/GID combos for services. :D
What I can suggest is adding nobody4 and noaccess hardcoded, while the minority of other heavy Solaris users that use zsh would need to specify usernames manually. Unless there is some trivial and inexpensive way to check whether we are Solaris. It could also work with various other heuristics such as $6 matching /home/.*, for a valid user's home, and/or $7 matching /bin/.*?sh, for a valid shell; but the reliability of these heuristics is somewhat questionable.

@sorin-ionescu

This comment has been minimized.

Show comment
Hide comment
@sorin-ionescu

sorin-ionescu Feb 26, 2014

Owner

$OSTYPE holds OS information.

Owner

sorin-ionescu commented Feb 26, 2014

$OSTYPE holds OS information.

@kernc

This comment has been minimized.

Show comment
Hide comment
@kernc

kernc Feb 26, 2014

If $OSTYPE on Solaris is something-solaris-something, I think this may be it.

kernc commented Feb 26, 2014

If $OSTYPE on Solaris is something-solaris-something, I think this may be it.

@kernc

This comment has been minimized.

Show comment
Hide comment
@kernc

kernc Mar 1, 2014

I think this is indeed faster now. :D

kernc commented Mar 1, 2014

I think this is indeed faster now. :D

completion:**:users ignored-patterns more robust
Calculates ignored users at runtime by extracting them from
passwd database and considering all users with UID < 100
(on Solaris systems) or UID < 500 (everywhere else).

By my timings, this doesn't make it any noticably slower.
modules/completion/init.zsh
- operator pcap postfix postgres privoxy pulse pvm quagga radvd \
- rpc rpcuser rpm shutdown squid sshd sync uucp vcsa xfs '_*'
+zstyle ':completion:*:*:*:users' ignored-patterns nobody nobody4 noaccess '_*' \
+ $([[ $OSTYPE =~ solaris ]] && max_uid=100 || max_uid=500

This comment has been minimized.

@sorin-ionescu

sorin-ionescu Mar 1, 2014

Owner

I think it's supposed to be SunOS, not solaris.

Don't use regular expressions; Zsh is not compiled with pcre by default on all systems. Use globbing.

@sorin-ionescu

sorin-ionescu Mar 1, 2014

Owner

I think it's supposed to be SunOS, not solaris.

Don't use regular expressions; Zsh is not compiled with pcre by default on all systems. Use globbing.

modules/completion/init.zsh
+zstyle ':completion:*:*:*:users' ignored-patterns nobody nobody4 noaccess '_*' \
+ $([[ $OSTYPE =~ solaris ]] && max_uid=100 || max_uid=500
+ IFS=:
+ while read user pass uid remainder; do

This comment has been minimized.

@sorin-ionescu

sorin-ionescu Mar 1, 2014

Owner

This operation can be cached. Zsh completions support caching. You'll have to read man zshcompsys though.

@sorin-ionescu

sorin-ionescu Mar 1, 2014

Owner

This operation can be cached. Zsh completions support caching. You'll have to read man zshcompsys though.

This comment has been minimized.

@kernc

kernc Mar 1, 2014

What do I base the validity of cached data on? Sorry, I'm stumbling. Is there a similar example already in prezto?

The operation doesn't seem expensive, though, and /etc/passwd is already cached by the OS anyway.

@kernc

kernc Mar 1, 2014

What do I base the validity of cached data on? Sorry, I'm stumbling. Is there a similar example already in prezto?

The operation doesn't seem expensive, though, and /etc/passwd is already cached by the OS anyway.

@sorin-ionescu

This comment has been minimized.

Show comment
Hide comment
@sorin-ionescu

sorin-ionescu Mar 1, 2014

There are way too many UNIXES to do that. If only Solaris does that, then just check for SunOS.

There are way too many UNIXES to do that. If only Solaris does that, then just check for SunOS.

This comment has been minimized.

Show comment
Hide comment
@kernc

kernc Mar 1, 2014

Owner

Well, I just though UID_MIN was traditionally set at 100 and then only increased in modern systems for practical reasons. If that was indeed the case, I forgot bsd too. Anyway, I set it to SunOS now, and any noticable regressions shall be reported as bugs anyway. :)

Owner

kernc replied Mar 1, 2014

Well, I just though UID_MIN was traditionally set at 100 and then only increased in modern systems for practical reasons. If that was indeed the case, I forgot bsd too. Anyway, I set it to SunOS now, and any noticable regressions shall be reported as bugs anyway. :)

This comment has been minimized.

Show comment
Hide comment
@sorin-ionescu

sorin-ionescu Mar 2, 2014

It depends on the distribution. There are LINUX distributions that start it at 100, there are that start at 500, and Debian, if I recall, starts at 1000. I don't think there is a way to reliably set this unless there is a file or system setting that can be checked.

It depends on the distribution. There are LINUX distributions that start it at 100, there are that start at 500, and Debian, if I recall, starts at 1000. I don't think there is a way to reliably set this unless there is a file or system setting that can be checked.

This comment has been minimized.

Show comment
Hide comment
@kernc

kernc Mar 2, 2014

Owner

I don't think any Linux has UID_MIN < 500. As I hear, 500 is customary for RHEL and CentOS. Obviously, 500 is a common denominator of at least OS X, BSDs (I asked on #freebsd), and Linux distributions (even Debian-based since 500 < 1000 — none of the legit users are ever discounted while all the services rising from UID=0 are, as expected). (Save for the example of 500 system service accounts — a purely theoretical case I have yet to witness.)

In practice, this should work without fault for over 99% of prezto users and work much better than the lines currently used!

On GNU/Linux, there is a setting UID_MIN in /etc/login.defs, but I don't think it is mandated by POSIX/Unix, so not portable either.

Owner

kernc replied Mar 2, 2014

I don't think any Linux has UID_MIN < 500. As I hear, 500 is customary for RHEL and CentOS. Obviously, 500 is a common denominator of at least OS X, BSDs (I asked on #freebsd), and Linux distributions (even Debian-based since 500 < 1000 — none of the legit users are ever discounted while all the services rising from UID=0 are, as expected). (Save for the example of 500 system service accounts — a purely theoretical case I have yet to witness.)

In practice, this should work without fault for over 99% of prezto users and work much better than the lines currently used!

On GNU/Linux, there is a setting UID_MIN in /etc/login.defs, but I don't think it is mandated by POSIX/Unix, so not portable either.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment