[arch-dev-public] Fixing groupadd

Allan McRae allan at archlinux.org
Thu Feb 25 21:08:37 EST 2010


On 23/02/10 15:06, Allan McRae wrote:
> On 23/02/10 04:49, Roman Kyrylych wrote:
>> On Mon, Feb 22, 2010 at 17:19, Allan McRae<allan at archlinux.org> wrote:
>>> Hi,
>>>
>>> At the moment, groupadd always creates system groups with GID=99.
>>> (http://bugs.archlinux.org/task/16092).
>>>
>>> We can fix this by adding something quite standard like:
>>> SYS_UID_MIN = 100
>>> SYS_GID_MIN = 100
>>> SYS_UID_MAX = 999
>>> SYS_GID_MAX = 999
>>> in /etc/login.defs
>>>
>>> But this will lead to possible issues with packages using fixed GID >= 100.
>>> e.g. I could create a bunch of system groups and then install a package
>>> that has predetermined that an already used group ID is for it.
>>>
>>> There are two possible solutions:
>>> 1) Set SYS_{U,G}ID_MIN to (e.g.) 500 and have all packages use numbers
>>> below 500.
>>> 2) Have the packages create a group without a specified ID. Anything
>>> requiring a fixed group ID at compile time (e.g. mailman) must use a
>>> number < 100.
>>>
>>> I am in favour of #2 (slightly) as it seems the better solution, but #1
>>> would only require shadow to be fixed and no rebuilds for other packages
>>> (the number of rebuilds for #2 would be very small). Opinions?
>>
>> I prefer #2 too, but there is a problem: the space of GID < 100 is crowded,
>> and some packages (e.g. gdm) switched to not using fixed GIDs due to this.
>> UIDs up to 1000 are reserved for system purposes,
>> would be nice to increase the number of reserved GIDs too.
>
> This reserves GID < 1000 for system use, but only GID < 100 are "fixed".
> The rest are assigned dynamically. Do we really need more fixed GIDs?
> Most packages requiring a new group can have group ID generated on
> install. Anyone know what other distros do here?

Any other opinions on this?

The packages that create groups > 100 that would require a rebuild for
option #1 are:

[extra]
deluge
gdm
networkmanager-openconnect

[community]
adesklets
dspam
partimage
postgrey
pulseaudio
virtualbox-ose

Allan
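
The collision discussed in this thread (a package's predetermined GID landing on, or inside the range of, dynamically allocated system groups) can be checked before install. This is an added example, not code from the thread or from any Arch package; the function names, group names and GIDs in the sample files are constructed, and login.defs is written in shadow's whitespace-separated `KEY value` form.

```shell
#!/bin/sh
# Added example: audit a package's fixed GID against the dynamic system range.

# Print KEY's value from a login.defs-style file (empty if unset).
# shadow uses "KEY value"; an optional "=" separator is tolerated here.
login_defs_get() {  # usage: login_defs_get FILE KEY
    awk -v k="$2" '
        /^[[:space:]]*#/ { next }
        { sub(/=/, " ") }
        $1 == k { v = $2 }
        END { print v }' "$1"
}

# Classify a fixed GID. Prints: ok | taken:<group> | dynamic-range
check_fixed_gid() {  # usage: check_fixed_gid DEFS GROUPFILE NAME GID
    min=$(login_defs_get "$1" SYS_GID_MIN)
    max=$(login_defs_get "$1" SYS_GID_MAX)
    # A different group already holding this GID is a hard collision.
    owner=$(awk -F: -v g="$4" -v n="$3" \
        '$3 == g && $1 != n { print $1; exit }' "$2")
    if [ -n "$owner" ]; then
        echo "taken:$owner"
    elif [ -n "$min" ] && [ -n "$max" ] &&
         [ "$4" -ge "$min" ] && [ "$4" -le "$max" ]; then
        # Free today, but groupadd may hand it out before the package arrives.
        echo "dynamic-range"
    else
        echo "ok"
    fi
}

# Constructed sample files (not a real system's contents).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/login.defs" <<'EOF'
# range as proposed in the thread
SYS_GID_MIN 100
SYS_GID_MAX 999
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
localsvc:x:120:
EOF

for spec in examplea:95 exampleb:120 examplec:130; do
    printf '%s -> %s\n' "$spec" "$(check_fixed_gid "$SAMPLE_DIR/login.defs" \
        "$SAMPLE_DIR/group" "${spec%%:*}" "${spec##*:}")"
done
```

A `taken:` result means files owned by the package's group would also belong to the unrelated group already holding that GID; `dynamic-range` means the same outcome is possible later, depending on install order.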


