Better handling required user and group

[pevik]

LTP requires special user and group to be presented (check IDcheck.sh script). Instead of hard-wired them in tests it'd be great to have tst_user() and tst_group() which would allow via environment variables to use alternative ones.

+ adding test flag .needs_user = 1 (C API) and TST_NEEDS_USER (shell API) which would:

1. check for $TST_USER and use it if exist (this should have default "nobody")
2. create temporary user if $TST_USER does not exist, which would be deleted after test (see code in testcases/kernel/syscalls/add_key/add_key05.c).
   Not sure if sharing user between tests is ok (probably is).
   Allowing default helps embedded distros, which might not have useradd binary (adding C code for adding new user would be error prone and IMHO not work for embedded and android distros).

C API may also add SAFE_USERADD() and SAFE_USERDEL() for tests which needs more users (at least testcases/kernel/syscalls/add_key/add_key05.c), maybe shell API need that as well.

There are many tests which would benefit from it, e.g. (incomplete list):
testcases/kernel/syscalls/add_key/add_key05.c
testcases/kernel/syscalls/chmod/chmod05.c
testcases/kernel/syscalls/chdir/chdir03.c
testcases/kernel/syscalls/ipc/shmget/shmget04.c
testcases/kernel/fs/read_all/read_all.c
testcases/kernel/security/dirtyc0w/dirtyc0w.c

UPDATE: most of tests now just use user 'nobody' and group 'nogroup', but AOSP requires to use GID 'daemon' instead of 'nogroup', see
https://lore.kernel.org/ltp/YVtBt+WeskISn5+9@pevik/T/#t

This should be handled in the library + allowing to redefine required users would be enough.

[dzedro]

Working on it, ideally both C & Shell API

[pevik]

Some custom user adding:
https://patchwork.ozlabs.org/project/ltp/patch/20240828134551.6344-1-wegao@suse.com/

[pevik]

Some custom user adding: https://patchwork.ozlabs.org/project/ltp/patch/20240828134551.6344-1-wegao@suse.com/

I send alternative approach for isofs.sh fix for SLE-Micro in https://patchwork.ozlabs.org/project/ltp/patch/20240830113913.49675-1-pvorel@suse.cz/

It uses 'nobody' user, detect group name (Debian uses 'nogroup' instead of 'nobody'). That is a quick fix for 'isofs.sh'.

But from long term perspective I suppose LTP should finally replace IDcheck.sh script with user/group support in the library (both C and shell API).

I propose to use the same as my fix for isofs.sh: use 'nobody' user, detect its group name. I would also create new user if 'nobody' does not exist. The downside is that it would be run more times than just after the installation.
For C API tests this check could be run on based some flag: CAPI struct tst_test new tag (e.g. .needs_user = 1), shell API: NEEDS_USER=1 and the check would be run only for these tests.

[pevik]

NOTE how many tests rely on nobody:nobody or nobody:nogroup user (mostly in syscalls, but not limited to it, even one openposix test needs it):

$ git grep -l -e 'getpwnam."nobody"' -e static.*char.*'"nobody"' -e nobody.*pw_uid -e 'SAFE_SETGID.*"nobody"' -e 'SAFE_GETPWNAM.."nobody"' -e 'char.*user.*"nobody"' testcases/ |wc -l
66

IMHO all tests which use other non-root user should migrate to nobody:nobody / nobody:nogroup.

Also we have SAFE_GETGRNAM_FALLBACK() since dc1ee87, which is used in two tests:

ltp/testcases/kernel/syscalls/fchmod/fchmod02.c

Lines 53 to 54 in 6c3293c

	ltpuser = SAFE_GETPWNAM("nobody");
	ltpgroup = SAFE_GETGRNAM_FALLBACK("users", "daemon");

ltp/testcases/kernel/syscalls/fchmod/fchmod02.c

Lines 53 to 54 in 6c3293c

	ltpuser = SAFE_GETPWNAM("nobody");
	ltpgroup = SAFE_GETGRNAM_FALLBACK("users", "daemon");

Added in 065698d fbdb9f8.

@patils @edliaw I wonder if one can create user on Android/AOSP or we really need to determine which users are available (in that case instead of creating missing user there could be reasonable default - user nobody + detect it's group name, but that could be redefined for AOSP + maybe allow to specify user environment variable).

[edliaw]

@pevik Unfortunately we can't create users afaik; the users/groups are defined here: https://cs.android.com/android/_/android/platform/system/core/+/main:libcutils/include/private/android_filesystem_config.h. Most of the tests in AOSP run with the root or shell UID.