schema: added non-unique parameter to PasswdUser

config/v3_2_experimental/schema/ignition.json

@@ -514,6 +514,9 @@
             },
             "shell": {
               "type": ["string", "null"]
+            },
+            "nonUnique": {
+              "type": ["boolean", "null"]
             }
           },
           "required": [

config/v3_2_experimental/types/schema.go

@@ -139,6 +139,7 @@ type PasswdUser struct {
 	NoCreateHome      *bool              `json:"noCreateHome,omitempty"`
 	NoLogInit         *bool              `json:"noLogInit,omitempty"`
 	NoUserGroup       *bool              `json:"noUserGroup,omitempty"`
+	NonUnique         *bool              `json:"nonUnique,omitempty"`
 	PasswordHash      *string            `json:"passwordHash,omitempty"`
 	PrimaryGroup      *string            `json:"primaryGroup,omitempty"`
 	SSHAuthorizedKeys []SSHAuthorizedKey `json:"sshAuthorizedKeys,omitempty"`

internal/exec/stages/files/passwd.go

@@ -15,6 +15,7 @@
 package files
 
 import (
+	"errors"
 	"fmt"
 	"path/filepath"
 
@@ -77,6 +78,23 @@ func (s *stage) createPasswd(config types.Config) error {
 	return nil
 }
 
+func userUIDConflict(a types.PasswdUser, list []types.PasswdUser) error {
+	if a.UID == nil {
+		return nil
+	}
+
+	for _, b := range list {
+		if b.UID == nil || a.Name == b.Name {
+			continue
+		}
+
+		if uint64(*b.UID) == uint64(*a.UID) && ((*b.NonUnique) == false || (*a.NonUnique) == false) {
+			return errors.New(fmt.Sprintf("conflicting uid from user: %s with uid: %d", b.Name, *b.UID))
+		}
+	}
+	return nil
+}
+
 // createUsers creates the users as described in config.Passwd.Users.
 func (s stage) createUsers(config types.Config) error {
 	if len(config.Passwd.Users) == 0 {
@@ -86,6 +104,11 @@ func (s stage) createUsers(config types.Config) error {
 	defer s.Logger.PopPrefix()
 
 	for _, u := range config.Passwd.Users {
+		if err := userUIDConflict(u, config.Passwd.Users); err != nil {
+			return fmt.Errorf("failed to create user %q: %v",
+				u.Name, err)
+		}
+
 		if err := s.EnsureUser(u); err != nil {
 			return fmt.Errorf("failed to create user %q: %v",
 				u.Name, err)

internal/exec/util/passwd.go

@@ -99,6 +99,8 @@ func (u Util) EnsureUser(c types.PasswdUser) error {
 			strconv.FormatUint(uint64(*c.UID), 10))
 	}
 
+	args = appendIfTrue(args, c.NonUnique, "--non-unique")
+
 	args = appendIfStringSet(args, "--comment", c.Gecos)
 	args = appendIfStringSet(args, "--gid", c.PrimaryGroup)
 

tests/positive/passwd/users.go

@@ -44,6 +44,16 @@ func AddPasswdUsers() types.Test {
 				{
 					"name": "jenkins",
 					"uid": 1020
+				},
+				{
+					"name": "test2",
+					"uid": 1030,
+					"nonUnique": true
+				},
+				{
+					"name": "test3",
+					"uid": 1030,
+					"nonUnique": true
 				}
 			]
 		}
@@ -116,28 +126,28 @@ ENCRYPT_METHOD SHA512
 				Name:      "passwd",
 				Directory: "etc",
 			},
-			Contents: "root:x:0:0:root:/root:/bin/bash\ncore:x:500:500:CoreOS Admin:/home/core:/bin/bash\nsystemd-coredump:x:998:998:systemd Core Dumper:/:/sbin/nologin\nfleet:x:253:253::/:/sbin/nologin\ntest:x:1000:1000::/home/test:/bin/bash\njenkins:x:1020:1001::/home/jenkins:/bin/bash\n",
+			Contents: "root:x:0:0:root:/root:/bin/bash\ncore:x:500:500:CoreOS Admin:/home/core:/bin/bash\nsystemd-coredump:x:998:998:systemd Core Dumper:/:/sbin/nologin\nfleet:x:253:253::/:/sbin/nologin\ntest:x:1000:1000::/home/test:/bin/bash\njenkins:x:1020:1001::/home/jenkins:/bin/bash\ntest2:x:1030:1002::/home/test2:/bin/bash\ntest3:x:1030:1003::/home/test3:/bin/bash\n",
 		},
 		{
 			Node: types.Node{
 				Name:      "group",
 				Directory: "etc",
 			},
-			Contents: "root:x:0:root\nwheel:x:10:root,core\nsudo:x:150:\ndocker:x:233:core\nsystemd-coredump:x:998:\nfleet:x:253:core\ncore:x:500:\nrkt-admin:x:999:\nrkt:x:251:core\ntest:x:1000:\njenkins:x:1001:\n",
+			Contents: "root:x:0:root\nwheel:x:10:root,core\nsudo:x:150:\ndocker:x:233:core\nsystemd-coredump:x:998:\nfleet:x:253:core\ncore:x:500:\nrkt-admin:x:999:\nrkt:x:251:core\ntest:x:1000:\njenkins:x:1001:\ntest2:x:1002:\ntest3:x:1003:\n",
 		},
 		{
 			Node: types.Node{
 				Name:      "shadow",
 				Directory: "etc",
 			},
-			Contents: "root:*:15887:0:::::\ncore:*:15887:0:::::\nsystemd-coredump:!!:17301::::::\nfleet:!!:17301::::::\ntest:zJW/EKqqIk44o:17331:0:99999:7:::\njenkins:*:17331:0:99999:7:::\n",
+			Contents: "root:*:15887:0:::::\ncore:*:15887:0:::::\nsystemd-coredump:!!:17301::::::\nfleet:!!:17301::::::\ntest:zJW/EKqqIk44o:17331:0:99999:7:::\njenkins:*:17331:0:99999:7:::\ntest2:*:17331:0:99999:7:::\ntest3:*:17331:0:99999:7:::\n",
 		},
 		{
 			Node: types.Node{
 				Name:      "gshadow",
 				Directory: "etc",
 			},
-			Contents: "root:*::root\nusers:*::\nsudo:*::\nwheel:*::root,core\nsudo:*::\ndocker:*::core\nsystemd-coredump:!!::\nfleet:!!::core\nrkt-admin:!!::\nrkt:!!::core\ncore:*::\ntest:!::\njenkins:!::\n",
+			Contents: "root:*::root\nusers:*::\nsudo:*::\nwheel:*::root,core\nsudo:*::\ndocker:*::core\nsystemd-coredump:!!::\nfleet:!!::core\nrkt-admin:!!::\nrkt:!!::core\ncore:*::\ntest:!::\njenkins:!::\ntest2:!::\ntest3:!::\n",
 		},
 		{
 			Node: types.Node{

tests/stubs/useradd-stub/main.go

@@ -38,6 +38,7 @@ var (
 	flagGid          int
 	flagGroups       string
 	flagShell        string
+	flagNonUnique    bool
 )
 
 func main() {
@@ -54,6 +55,7 @@ func main() {
 	flag.IntVar(&flagGid, "gid", -1, "The group name or number of the user's initial login group")
 	flag.StringVar(&flagGroups, "groups", "", "A list of supplementary groups which the user is also a member of")
 	flag.StringVar(&flagShell, "shell", "", "The name of the user's login shell")
+	flag.BoolVar(&flagNonUnique, "non-unique", false, "Allow the creation of a user account with a duplicate (non-unique) UID. ")
 
 	flag.Parse()