Date: Sun, 28 Nov 2021 14:56:54 -0600
From: William Hubbs
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Don't use UIDs and GIDs below 100 without QA approval

On Sun, Nov 28, 2021 at 02:46:24PM -0600,
William Hubbs wrote:
> On Sun, Nov 28, 2021 at 08:15:13PM +0100, Michał Górny wrote:
> > On Sun, 2021-11-28 at 13:06 -0600, William Hubbs wrote:
> > > On Sun, Nov 28, 2021 at 11:06:36AM +0100, Ulrich Mueller wrote:
> > > > > > > > > On Sun, 28 Nov 2021, William Hubbs wrote:
> > > >
> > > > > On Mon, Nov 15, 2021 at 09:36:32AM +0300, Eray Aslan wrote:
> > > > > > 1/ Static allocation does not really solve a problem. Not really not
> > > > > > nowadays
> > > > > > 2/ We can't keep adding new IDs to a distribution as new software gets
> > > > > > added - one side is unbounded. This is a losing game.
> > > >
> > > > Not sure. In practice, the number of packages is limited. (And if the
> > > > argument was valid, it would apply to dynamic allocation too.)
> > > >
> > > > > > Switching back to dynamic allocation seems to be the best option.
> > > >
> > > > > I realize I'm very late to this party, but +1 from me also.
> > > >
> > > > > We should use dynamic uid/gid assignment by default and maybe provide
> > > > > a way to force certain uids/gids to be constant if users want this.
> > > >
> > > > While the rationale for static allocation that made it into GLEP 81 [1]
> > > > is rather weak, several people had argued in favour of it on the mailing
> > > > list [2].
> > > >
> > > > In any case, let's cross that bridge when we reach it. For now, we're
> > > > good with 250 additional IDs.
> > >
> > > It is inevitable that we will reach this bridge again -- whether or not
> > > it is in a month or a year, it will happen.
> > >
> > > Why are we just kicking the can down the road instead of admitting that
> > > static allocation wasn't a good idea and going back to dynamic
> > > allocation? Let's find out what the people who argued for static
> > > allocation think.
> > >
> >
> > Why are you assuming that something "wasn't a good idea" just because
> > you think so?
>
> ulm and others on the thread also mentioned the possibility of going
> back to dynamic allocation, so it isn't just me who brought it up.
>
> I honestly am just looking for a discussion.
>
> Do other distros statically allocate all of their system users? If not,
> why do we by default? I understand why enterprise users might need to,
> and they can with the glep 81 eclasses by setting uids/gids in
> make.conf, but is there a reason we force the issue at the distro level
> and ban -1 as the setting for ACCT_USER_ID and ACCT_GROUP_ID?
>
> William
>

Ok, based on floppym's response, I'm going to start a new thread.

William