[arch-dev-public] Fixing groupadd

Allan McRae allan at archlinux.org
Tue Feb 23 00:06:38 EST 2010


On 23/02/10 04:49, Roman Kyrylych wrote:
> On Mon, Feb 22, 2010 at 17:19, Allan McRae<allan at archlinux.org>  wrote:
>> Hi,
>>
>> At the moment, groupadd always creates system groups with GID=99.
>>   (http://bugs.archlinux.org/task/16092).
>>
>> We can fix this by adding something quite standard like:
>> SYS_UID_MIN = 100
>> SYS_GID_MIN = 100
>> SYS_UID_MAX = 999
>> SYS_GID_MAX = 999
>> in /etc/login.defs
>>
>> But this will lead to possible issues with packages using fixed GID >= 100.
>> e.g. I could create a bunch of system groups and then install a package who
>> has predetermined that an already used group ID is for it.
>>
>> There are two possible solutions:
>> 1) Set SYS_{U,G}ID_MIN to (e.g.) 500 and have all packages use numbers below
>> 500.
>> 2) Have the packages create a group without a specified ID.  Anything
>> requiring a fixed group ID at compile time (e.g. mailman) must use a number
>> <  100.
>>
>> I am in favour of #2 (slightly) as it seems the better solution, but #1
>> would only require shadow to be fixed and no rebuilds for other packages
>> (the number of rebuilds for #2 would be very small). Opinions?
>
> I prefer #2 too, but there is a problem: the space of GID < 100 is crowded,
> and some packages (e.g. gdm) switched to not using fixed GIDs due to this.
> UIDs up to 1000 are reserved for system purposes,
> would be nice to increase the number of reserved GIDs too.

This reserves GID < 1000 for system use, but only GID < 100 are "fixed".
The rest are assigned dynamically.  Do we really need more fixed GIDs?
Most packages requiring a new group can have a group ID generated on
install.  Anyone know what other distros do here?

Allan
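
The collision described in the thread (a package with a predetermined GID meeting an ID that is already in use, or one that falls inside the dynamically assigned system range) can be checked before install. The following is an added example, not part of the original message: the sample files, the group names `exampled` and `examplepkg`, and all GID values are constructed, and the parser accepts the `KEY = value` spelling used in the thread alongside the `KEY value` form.

```python
import re

# Constructed sample inputs, not copied from a real system.
LOGIN_DEFS = """\
# system group range proposed in the thread
SYS_GID_MIN 100
SYS_GID_MAX = 999
"""
GROUP_FILE = """\
root:x:0:
mail:x:12:
gdm:x:120:
exampled:x:121:
"""

def parse_login_defs(text):
    """Return integer settings from login.defs-style 'KEY value' lines.
    An optional '=' is tolerated because the thread writes them that way."""
    defs = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]+)\s*=?\s*(\d+)\s*(?:#.*)?$", line)
        if m:
            defs[m.group(1)] = int(m.group(2))
    return defs

def parse_group(text):
    """Map GID -> group name from 'name:passwd:gid:members' lines."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            groups[int(fields[2])] = fields[0]
    return groups

def check_fixed_gid(name, gid, defs, groups):
    """Findings for a package that wants `name` created with a fixed `gid`."""
    findings = []
    # Option 2 in the thread: fixed IDs must stay below the dynamic range.
    if defs["SYS_GID_MIN"] <= gid <= defs["SYS_GID_MAX"]:
        findings.append("in_dynamic_range")
    # A different group already holding the GID would share file ownership.
    owner = groups.get(gid)
    if owner is not None and owner != name:
        findings.append("taken_by:" + owner)
    return findings

if __name__ == "__main__":
    defs, groups = parse_login_defs(LOGIN_DEFS), parse_group(GROUP_FILE)
    for pkg_group, gid in [("mailman", 80), ("examplepkg", 121)]:  # constructed GIDs
        print(pkg_group, gid, check_fixed_gid(pkg_group, gid, defs, groups) or "ok")
```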




