[arch-dev-public] cleaning up the gid/uid mess
Daniel Micay
danielmicay at gmail.com
Sat Aug 9 01:09:51 EDT 2014
On 09/08/14 01:07 AM, Allan McRae wrote:
> On 09/08/14 14:53, Daniel Micay wrote:
>> The current strategy for handling this involves reserving ids for every
>> package needing users / groups and tracking it on the wiki. The wiki
>> doesn't actually correspond well to the state of packages in the
>> repositories, as it's missing quite a few users / groups and has plenty
>> that are not used by any official package.
>>
>> I wanted to start moving away some more services from root, but I think
>> this needs to be dealt with first.
>>
>> I suggest reserving a large range (500-999) for *dynamic* ids
>
> We already do that... Look at /etc/login.defs
>
> and then
>> moving packages to groupadd -r / useradd -r *without* a hard-wired id
>> whenever possible. Most packages can easily get away with this, because
>> the configuration files only reference it by name and they don't have
>> any packaged files that need to be in the group.
>>
>> An example of a package already using a dynamic id is `git`, but it's
>> very precarious right now because it relies on an unstated assumption
>> that no one is going to reserve high static ids.
>
> We already reserve 1 to 500 for static ids.
Ah, well I clearly had no idea! :)
I've just been using static ids for no other reason than every other
package seems to do it...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20140809/483f30a8/attachment.asc>
More information about the arch-dev-public
mailing list