Hi Mike,

From user.eclass:

146         if [[ ${euid} -gt 0 ]] ; then
147             if [[ -n $(egetent passwd ${euid}) ]] ; then
148                 [[ -n ${force_uid} ]] && die "${FUNCNAME}: UID ${euid} already taken"
149                 euid="next"
150             fi
151         else
152             eerror "Userid given but is not greater than 0 !"
153             die "${euid} is not a valid UID"
154         fi

Similar for egid.

This is the discrepency of >=0 (acct-user and acct-group) vs >0 (user) I was referring.  So yes, I can set it, but the underlying enewuser and enewgroup calls is going to kick out as per above.

Yes, I could use something like uid=1 (bin) and gid=1 (bin) which I'm reasonably sure use comes from baselayout and is thus almost guaranteed to conflict always, but the *intention* of that's unclear.  I'd rather (and I'm happy to write the patches, just don't want to waste my time doing so if it's of no interest to anyone else) have a way to explicitly state "I really don't care about this uid or gid value".  Also, should it be required to be set to eg -1 to indicate this, or is the variable not being set a good enough indication?  I'm included to require -1 else a simple typo could result in accidental dynamic allocation.

Regarding your $RANDOM idea ... that is rather crazy, and will work, however, I suspect you should make that % 499 ... saw an email earlier about the IDs should be <500 since 500 to 999 is reserved for dynamic allocation.

I currently have at least four dynamically allocated groups on the machine I'm typing this on:

tcpdump:x:999:
mrtg:x:998:
rrd:x:997:
ulsreport:x:996:

I like the idea of it being allocated from 999 downwards, and I really think dynamic allocation makes sense for many packages.  I do support the idea of predictable IDs, for packages which can trivially use shared storage (eg, mail).  For other packages (eg, webrtc2sip which I'm working with currently) it seriously doesn't matter as it'll never write to disk (other than the log files ...). Heck, even if it could, sharing that state wouldn't make much sense either.  Even something like asterisk being predictable makes sense, since /var/spool/asterisk/monitor (and a few others, as we currently are) could be shared between multiple hosts.

Kind Regards,

Jaco Kroon

On 2019/08/01 22:01, Mike Gilbert wrote:

On Thu, Aug 1, 2019 at 3:04 PM Jaco Kroon <jaco@uls.co.za> wrote:

Hi,

Looking at the new eclasses for acct-user and acct-group.

These enforce that a group and user id should be set.

This is not a requirement for enewuser nor enewgroup.

The new eclasses require you to set a fixed id, but they do not
enforce that the id is available by default. If the id is taken
already, it will allocate a new one.

User/group 0 is pretty much guaranteed to always exist, so you could
set ACCT_{GROUP,USER}_ID=0 to trigger the desired behavior.

If you're feeling crazy, this will get you a random assignment between
1 and 999, with the same fallback logic.

ACCT_GROUP_ID=$(( RANDOM % 998 + 1 ))