[arch-dev-public] Fixing groupadd
Roman Kyrylych
roman.kyrylych at gmail.com
Mon Feb 22 13:49:18 EST 2010
On Mon, Feb 22, 2010 at 17:19, Allan McRae <allan at archlinux.org> wrote:
> Hi,
>
> At the moment, groupadd always creates system groups with GID=99.
> (http://bugs.archlinux.org/task/16092).
>
> We can fix this by adding something quite standard like:
> SYS_UID_MIN = 100
> SYS_GID_MIN = 100
> SYS_UID_MAX = 999
> SYS_GID_MAX = 999
> in /etc/login.defs
>
> But this will lead to possible issues with packages using fixed GID >= 100.
> e.g. I could create a bunch system groups and then install a package who
> has predetermined that an already used group ID is for it.
>
> There are two possible solutions:
> 1) Set SYS_{U,G}ID_MIN to (e.g.) 500 and have all packages use numbers below
> 500.
> 2) Have the packages create a group without a specified ID. Anything
> requiring a fixed group ID at compile time (e.g. mailman) must use a number
> < 100.
>
> I am in favour of #2 (slightly) as it seems the better solution, but #1
> would only require shadow to be fixed and no rebuilds for other packages
> (the number of rebuilds for #2 would be very small). Opinions?
I prefer #2 too, but there is a priblem: the space of GID < 100 is crowded,
and some packages (e.g. gdm) switched to not using fixed GIDs due to this.
UIDs up to 1000 are reserved for system purposes,
would be nice to increase the number of reserved GIDs too.
--
Roman Kyrylych (Роман Кирилич)
More information about the arch-dev-public
mailing list