From: Jaco Kroon
Organization: Ultimate Linux Solutions (Pty) Ltd
To: gentoo-dev@lists.gentoo.org, Pacho Ramos
Subject: Re: [gentoo-dev] Don't use UIDs and GIDs below 100 without QA approval
Date: Thu, 11 Nov 2021 14:32:24 +0200
Message-ID: <662bd113-943f-d360-7e9a-1a6238ac8ba2@uls.co.za>
In-Reply-To: <844d85bc625fb6d6eeaea502457430c2ad011594.camel@gentoo.org>

Hi,

On 2021/11/11 14:10, Pacho Ramos wrote:
>> In any case, 300 additional IDs may not be future proof at the rate
>> we're currently allocating them. So I wonder if we shouldn't move to
>> above 60000 immediately, or alternatively, give up the whole concept.
>>
>> Ulrich
> Personally I would move to >60000 and keep the 300 additional IDs for the case
> some software really really needs them

# getent passwd | awk -F: '{ print $3 }' | sort -g | tail -n3
37945
37946
65534 <-- this happens to be nobody.

>60000 up to where?  65533?  I'll need to make a "hole" in our
allocations but that's perfectly do-able.  Others may run into similar
issues and be caught unawares (especially if UID/GID values are
allocated from some other system which may not be aware of UID/GID
values on specific servers).  Might be worth the trouble to head to
>=2^31, but that will again fail on systems that still use 16-bit
UID/GID values (I'm not aware that we still support kernels older than
2.4).

https://systemd.io/UIDS-GIDS/ basically says system users (which we're
discussing here) are <1000.  systemd also already violates this
statement itself just a few paragraphs down with special systemd UID and
GID ranges.  And already >60000 ranges listed here (most of 60000 to
65533 is reserved by systemd).

Kind Regards,
Jaco
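
Added example (not part of the original message): a shell function that extends the getent check shown above, listing existing accounts or groups whose numeric ID already falls inside a proposed range such as 60001 to 65533. The function names, the account names and the sample data are constructed for illustration; only the IDs 37945, 37946 and 65534 come from the message.

```shell
#!/bin/sh
# Added example: find local IDs that collide with a range a distribution
# proposes to reserve. Input on stdin is passwd(5) or group(5) format,
# where the numeric ID is field 3 in both files.
#
# Usage on a live system:
#   getent passwd | ids_in_range 60001 65533
#   getent group  | ids_in_range 60001 65533

ids_in_range() {
    low=$1 high=$2
    awk -F: -v low="$low" -v high="$high" '
        # Skip malformed entries: field 3 must be a plain decimal number.
        $3 !~ /^[0-9]+$/ { next }
        # "+ 0" forces a numeric (not string) comparison.
        ($3 + 0) >= (low + 0) && ($3 + 0) <= (high + 0) {
            printf "%s:%s\n", $1, $3
            hits++
        }
        # Exit status 1 means the range is not free on this host.
        END { exit (hits > 0 ? 1 : 0) }
    '
}

# Constructed sample data, not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
svc-backup:x:37945:37945::/var/empty:/sbin/nologin
svc-mail:x:37946:37946::/var/empty:/sbin/nologin
legacy-app:x:60123:60123::/opt/legacy:/sbin/nologin
broken:x:notanumber:0::/:/bin/false
nobody:x:65534:65534:nobody:/var/empty:/bin/false
EOF
}
```

Run it against every host and any central directory that hands out IDs before a range is declared reserved; a non-zero exit status marks a host that needs a "hole" made first.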