[arch-dev-public] cleaning up the gid/uid mess

Allan McRae allan at archlinux.org
Sat Aug 9 01:07:09 EDT 2014


On 09/08/14 14:53, Daniel Micay wrote:
> The current strategy for handling this involves reserving ids for every
> package needing users / groups and tracking it on the wiki. The wiki
> doesn't actually correspond well to the state of packages in the
> repositories, as it's missing quite a few users / groups and has plenty
> that are not used by any official package.
> 
> I wanted to start moving away some more services from root, but I think
> this needs to be dealt with first.
> 
> I suggest reserving a large range (500-999) for *dynamic* ids

We already do that...  Look at /etc/login.defs

> and then
> moving packages to groupadd -r / useradd -r *without* a hard-wired id
> whenever possible. Most packages can easily get away with this, because
> the configuration files only reference it by name and they don't have
> any packaged files that need to be in the group.
> 
> An example of a package already using a dynamic id is `git`, but it's
> very precarious right now because it relies on an unstated assumption
> that no one is going to reserve high static ids.

We already reserve 1 to 500 for static ids.
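
The check this thread implies, as an added example that is not part of the original message or of any Arch Linux tooling: compare a static reservation table with the dynamic system range in a login.defs-style file and with the accounts actually present. The function names, the reservation-table format, and every sample name and id are assumptions constructed for illustration; `SYS_UID_MIN` and `SYS_UID_MAX` are the real login.defs keys.

```shell
#!/bin/sh
# Added example. Every id, name and file below is constructed sample data.

# Print "MIN MAX" for the dynamic system range in a login.defs-style file.
sys_range() {
    awk '$1 == "SYS_UID_MIN" { min = $2 }
         $1 == "SYS_UID_MAX" { max = $2 }
         END { if (min == "" || max == "") exit 1; print min, max }' "$1"
}

# audit_ids LOGIN_DEFS RESERVED PASSWD
#   RESERVED: "name id" per line (hypothetical static reservation table)
#   PASSWD:   passwd(5) format
audit_ids() {
    range=$(sys_range "$1") || { echo "no-sys-range $1"; return 2; }
    awk -v min="${range% *}" -v max="${range#* }" '
        NR == FNR {                          # pass 1: reservation table
            if ($0 ~ /^#/ || NF < 2) next
            reserved[$1] = $2 + 0
            if ($2 + 0 >= min + 0 && $2 + 0 <= max + 0)
                print "static-in-dynamic-range", $1, $2
            next
        }
        {                                    # pass 2: accounts on the system
            split($0, f, ":"); uid = f[3] + 0
            if (uid < 1 || uid > max + 0) next   # skip root and regular users
            if (f[1] in reserved) {
                if (reserved[f[1]] != uid) print "id-mismatch", f[1], uid
            } else if (uid < min + 0)
                print "unreserved-static", f[1], uid
        }' "$2" "$3"
}

# Write constructed sample inputs into directory $1.
make_samples() {
    printf 'SYS_UID_MIN 500\nSYS_UID_MAX 999\n' > "$1/login.defs"
    printf '# name id\nsvc-a 84\nsvc-b 612\nsvc-d 90\n' > "$1/reserved"
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'svc-a:x:84:84::/:/bin/false' \
        'svc-c:x:133:133::/:/bin/false' 'svc-d:x:91:91::/:/bin/false' \
        'git:x:998:998::/:/bin/sh' 'alice:x:1000:1000::/home/alice:/bin/sh' \
        > "$1/passwd"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_ids "$demo_dir/login.defs" "$demo_dir/reserved" "$demo_dir/passwd"
rm -rf "$demo_dir"
```

Accounts inside the dynamic range that have no reservation, such as the constructed `git` entry at 998, produce no finding, since that is the intended outcome of `useradd -r` without a hard-wired id.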

