[arch-dev-public] Fixing groupadd

Aaron Griffin aaronmgriffin at gmail.com
Fri Feb 26 17:30:47 EST 2010


On Thu, Feb 25, 2010 at 7:08 PM, Allan McRae <allan at archlinux.org> wrote:
> On 23/02/10 15:06, Allan McRae wrote:
>>
>> On 23/02/10 04:49, Roman Kyrylych wrote:
>>>
>>> On Mon, Feb 22, 2010 at 17:19, Allan McRae <allan at archlinux.org> wrote:
>>>>
>>>> Hi,
>>>>
>>>> At the moment, groupadd always creates system groups with GID=99.
>>>> (http://bugs.archlinux.org/task/16092).
>>>>
>>>> We can fix this by adding something quite standard like:
>>>> SYS_UID_MIN = 100
>>>> SYS_GID_MIN = 100
>>>> SYS_UID_MAX = 999
>>>> SYS_GID_MAX = 999
>>>> in /etc/login.defs
>>>>
>>>> But this will lead to possible issues with packages using fixed GID>=
>>>> 100.
>>>> e.g. I could create a bunch of system groups and then install a package which
>>>> has predetermined that an already used group ID is for it.
>>>>
>>>> There are two possible solutions:
>>>> 1) Set SYS_{U,G}ID_MIN to (e.g.) 500 and have all packages use
>>>> numbers below
>>>> 500.
>>>> 2) Have the packages create a group without a specified ID. Anything
>>>> requiring a fixed group ID at compile time (e.g. mailman) must use a
>>>> number
>>>> < 100.
>>>>
>>>> I am in favour of #2 (slightly) as it seems the better solution, but #1
>>>> would only require shadow to be fixed and no rebuilds for other packages
>>>> (the number of rebuilds for #2 would be very small). Opinions?
>>>
>>> I prefer #2 too, but there is a problem: the space of GID < 100 is
>>> crowded,
>>> and some packages (e.g. gdm) switched to not using fixed GIDs due to
>>> this.
>>> UIDs up to 1000 are reserved for system purposes,
>>> would be nice to increase the number of reserved GIDs too.
>>
>> This reserves GID < 1000 for system use, but only GID < 100 are "fixed".
>> The rest are assigned dynamically. Do we really need more fixed GIDs?
>> Most packages requiring a new group can have group ID generated on
>> install. Anyone know what other distros do here?
>
> Any other opinions on this?
>
> The packages that create groups > 100 that would require a rebuild for option
> #1 are:

I like the idea of increasing the *ID_MIN (option #1), but don't other
distros use 1000 for system groups?
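
Added example, not part of the original thread: a small audit of the collision discussed above, where a package's fixed GID either falls inside the dynamic SYS_GID_MIN..SYS_GID_MAX range or is already owned by another group. The sample login.defs and group contents and the package names are constructed for illustration.

```python
import re

# Constructed sample inputs (not from the thread).
LOGIN_DEFS = """\
# login.defs uses "KEY value"; an optional "=" is tolerated here
SYS_GID_MIN 100
SYS_GID_MAX 999
"""
GROUP_FILE = """\
root:x:0:root
dyn1:x:100:
dyn2:x:101:
"""
# Hypothetical packages and the fixed GIDs they expect.
FIXED = {"fixedlow": 80, "fixedhit": 100, "fixedfree": 150}

def parse_login_defs(text):
    """Return {KEY: int} for the numeric settings in login.defs-style text."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"^([A-Z_]+)\s*=?\s*(\d+)$", line)
        if m:
            settings[m.group(1)] = int(m.group(2))
    return settings

def parse_group(text):
    """Return {gid: name} from /etc/group-style text (name:passwd:gid:members)."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            groups[int(fields[2])] = fields[0]
    return groups

def audit_fixed_gids(login_defs, group_file, fixed):
    """Return (name, gid, problem) for each fixed GID that is unsafe."""
    defs = parse_login_defs(login_defs)
    lo, hi = defs["SYS_GID_MIN"], defs["SYS_GID_MAX"]
    existing = parse_group(group_file)
    findings = []
    for name, gid in sorted(fixed.items()):
        owner = existing.get(gid)
        if owner is not None and owner != name:
            findings.append((name, gid, f"taken by {owner}"))
        elif owner is None and lo <= gid <= hi:
            findings.append((name, gid, "inside dynamic range"))
    return findings

if __name__ == "__main__":
    for finding in audit_fixed_gids(LOGIN_DEFS, GROUP_FILE, FIXED):
        print(finding)
```

Raising SYS_GID_MIN clears the "inside dynamic range" finding for GIDs below the new minimum, but a GID already handed out to another group stays reported until that group is renumbered.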

