From: Ulrich Mueller
To: James Cloos
Cc: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Don't use UIDs and GIDs below 100 without QA approval
In-Reply-To: (James Cloos's message of "Thu, 11 Nov 2021 17:07:33 -0500")
Date: Sat, 13 Nov 2021 11:08:51 +0100

>>>>> On Thu, 11 Nov 2021, James Cloos wrote:

> gentoo definitely should not permit fixed use for installed packages
> in the 500-600 range.
> 500+ was for many, many years the start for users, and forcing anyone
> to change decades-long use of particular uids or gids is not
> acceptable.
> really all of 101-499,701-999,60000-{nobody--} should be dynamic.
> and 500-700 never touched by the distribution.

I have a snapshot of a Gentoo system from 2004 (sys-apps/shadow-4.0.3-r9
and sys-apps/pam-login-3.14). Its login.defs has the following:

    #
    # Min/max values for automatic uid selection in useradd
    #
    UID_MIN 1000
    UID_MAX 60000

I see the same values in sys-apps/shadow/files/login.defs for the first
version of shadow in the tree (sys-apps/shadow-19990827-r1, committed on
2000-08-02).

So, I would conclude that Gentoo always used 1000 as minimum UID.

We could of course leave a gap for now, and allocate only 600..799.
This would leave the 500s for compatibility with very old systems.
It would have the additional advantage that we get an earlier warning
once the new range will be almost full. Even if we then allow IDs in the
60000s range, we presumably should keep some reserves of low IDs for
packages that really need them to be there.

Ulrich
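Added example, not part of Ulrich's message or of any Gentoo tool: Python that groups local accounts by the UID ranges named above (the 500s, the suggested 600..799 allocation, and the login.defs UID_MIN..UID_MAX window), so an administrator can see which existing accounts would sit inside a statically allocated range. The passwd lines, account names and category labels are constructed for illustration.

```python
import re

# Ranges quoted from the message; the category labels are this example's own.
LEGACY_500S = range(500, 600)      # "leave the 500s for compatibility"
PROPOSED_STATIC = range(600, 800)  # "allocate only 600..799"

# Constructed sample input: login.defs values as quoted, passwd lines invented.
SAMPLE_LOGIN_DEFS = """\
# Min/max values for automatic uid selection in useradd
UID_MIN 1000
UID_MAX 60000
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
olduser:x:500:500::/home/olduser:/bin/bash
localsvc:x:612:612::/var/lib/localsvc:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
"""

def parse_login_defs(text):
    """Return the UID_MIN/UID_MAX settings found, ignoring comments."""
    limits = {}
    for line in text.splitlines():
        m = re.fullmatch(r"(UID_MIN|UID_MAX)\s+(\d+)", line.split("#", 1)[0].strip())
        if m:
            limits[m.group(1)] = int(m.group(2))
    return limits

def parse_passwd(text):
    """Return (name, uid) for each well-formed seven-field passwd line."""
    rows = (line.split(":") for line in text.splitlines())
    return [(f[0], int(f[2])) for f in rows if len(f) == 7 and f[2].isdigit()]

def classify(uid, limits):
    if uid in LEGACY_500S:
        return "legacy-500s"
    if uid in PROPOSED_STATIC:
        return "proposed-static"
    if limits["UID_MIN"] <= uid <= limits["UID_MAX"]:
        return "useradd-dynamic"
    return "other"

def audit(passwd_text, login_defs_text):
    """Group accounts by range so clashes with a static allocation stand out."""
    limits = parse_login_defs(login_defs_text)
    report = {}
    for name, uid in parse_passwd(passwd_text):
        report.setdefault(classify(uid, limits), []).append((name, uid))
    return report
```

Any account reported under "proposed-static" on a real system is one whose UID a fixed allocation in 600..799 could later collide with.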