Re: [gentoo-dev] rfc: allow -1 for ACCT_USER_ID and ACCT_GROUP_ID in ::gentoo

[Sam James <sam@gentoo.org>]

[-- Attachment #1.1: Type: text/plain, Size: 2754 bytes --]



> On 29 Nov 2021, at 00:06, Michael Orlitzky <mjo@gentoo.org> wrote:
> 
> On Sun, 2021-11-28 at 23:39 +0000, Sam James wrote:
>> 
>> Whissi and others raised some points that I think you may have some views on
>> (and I'm interested in hearing them).
>> 
> 
> I don't want to put words in his mouth, but I think Whissi takes issue
> with using the package manager to manage users, period. Not
> specifically with our use of a UID/GID hint.
> 
> I didn't respond to the first thread because I didn't want to pick a
> fight when the correct conclusion (IMO) was already reached. In the
> first thread I see only hypothetical problems raised (and a bunch of
> people who didn't realize the numbers are only a hint). If any of those
> problems are real and solved by allowing ACCT_USER_ID=-1 in ::gentoo,
> you'll have to point them out.
> 

Yeah, that seems like a fair interpretation (and matches my understanding).

I don't really see the problem with people who want manual administration
just setting the relevant variables in make.conf.

What I wish we had done (and there's still time to do, albeit belated --
it's still useful for the remaining big bits like Apache and nginx) is
write a news item explaining the implications and linked to a page
like https://wiki.gentoo.org/wiki/Practical_guide_to_the_GLEP_81_migration <https://wiki.gentoo.org/wiki/Practical_guide_to_the_GLEP_81_migration>
(which ConiKost created after we discussed how to inform users better)
that explains how to work around/express their preferences/give their own hints.

Sorry, I should've been explicit. The main thing I'd like to understand better
from your POV is:

this isn't new, but you're quite clear you feel that the UID/GID range limitations
are completely arbitrary and without merit(?).

Whissi essentially says the opposite: https://archives.gentoo.org/gentoo-dev/message/17a22877f5f18dae44a2f0859d807450 <https://archives.gentoo.org/gentoo-dev/message/17a22877f5f18dae44a2f0859d807450>.

I'd like to understand if this is just a result of beliefs about what the PM should/shouldn't do
or if there's genuine problems with continuing to extend the range?

I think I'd like to see sources on various UID ranges being hardcoded in places as
I suspect any such software may have dubious quality anyway, but that's on him,
not you.

It still seems like in terms of interoperability, there's little impact:
folks can force whatever UIDs/GIDs they want. It's not like the situation was
any better with dynamic allocation unless you installed in exactly the right order
(so some precise setup wasrequired in the past anyway, the difference is now you
explicitly state what you want if you need it).

Best,
sam

[-- Attachment #1.2: Type: text/html, Size: 3876 bytes --]

[-- Attachment #2: Message signed with OpenPGP --]
[-- Type: application/pgp-signature, Size: 618 bytes --]