On 09/08/14 14:53, Daniel Micay wrote:
The current strategy for handling this involves reserving ids for every package needing users / groups and tracking it on the wiki. The wiki doesn't actually correspond well to the state of packages in the repositories, as it's missing quite a few users / groups and has plenty that are not used by any official package.
I wanted to start moving away some more services from root, but I think this needs to be dealt with first.
I suggest reserving a large range (500-999) for *dynamic* ids
We already do that... Look at /etc/login.defs and then
moving packages to groupadd -r / useradd -r *without* a hard-wired id whenever possible. Most packages can easily get away with this, because the configuration files only reference it by name and they don't have any packaged files that need to be in the group.
An example of a package already using a dynamic id is `git`, but it's very precarious right now because it relies on an unstated assumption that no one is going to reserve high static ids.
We already reserve 1 to 500 for static ids.