From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 87F04158003 for ; Thu, 11 Nov 2021 10:59:34 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 511512BC0DC; Thu, 11 Nov 2021 10:59:29 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 18CCDE09D9 for ; Thu, 11 Nov 2021 10:59:28 +0000 (UTC) From: Ulrich Mueller To: gentoo-dev@lists.gentoo.org Subject: [gentoo-dev] Don't use UIDs and GIDs below 100 without QA approval Date: Thu, 11 Nov 2021 11:59:16 +0100 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Archives-Salt: 51f4141d-ddfe-481c-932a-dfc8f3f0f70d X-Archives-Hash: 5bad6853520e3ab182f6399a53198fec --=-=-= Content-Type: text/plain May I remind everybody that by QA policy allocation of UIDs and GIDs in the range 0..100 needs explicit approval by the QA lead: https://projects.gentoo.org/qa/policy-guide/user-group.html#pg0901 I have fixed the used_free_uidgids.sh script such that it will no longer recommend any IDs below 101. In any case, we have run out of GIDs: Recommended GID only: none Recommended UID only: 272 Recommended UID+GID pair: none Free UIDs: 15 Free GIDs: 0 Free UID+GID pairs: 0 The question is of course how we should move forward. Certainly, using IDs below 100 cannot be the solution, as we would run out of these very soon. We could: - Open some part of the range between 500 and 1000. For example, 500..799, which would leave 200 IDs for dynamic allocation. - Open part of the range 60001..65533. Not sure if all software will be happy with that. - Admit that the concept of static allocation has failed, and return to dynamic allocation. Ulrich --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQFDBAEBCAAtFiEEtDnZ1O9xIP68rzDbUYgzUIhBXi4FAmGM94QPHHVsbUBnZW50 b28ub3JnAAoJEFGIM1CIQV4u29sH/1/7RmiX6HZ3DA1uSMnGKkA+DJS7SOJAXV0B Iriki/m3bVXa11s/02TMNdC98Zt9IF2NJSVIaGfw96oNMTVCRklsSGGsZVNe1Fak VuxnaPp/SjmrYMz8+IL1e2uXf/kagsSufBb8ETYQSXeNaqo8IHzxGkj8s44Jjmq7 53lNItIl5cxhhsN158xPE+5nH62182JwD+XQaKK6yBjh+FBTLdsjozIEoi9Hkrk2 UZgsolFhIiqNaj/S+rdjE9h2D3+AH4O155dz5uJFDZwt0evoqHU/rVZPrtNu7Uj4 l4FNHGBmH7Wt7Ocen9F2TyQzq2TpBAi2WZZMVRshjQqRSLZt+5Y= =79Hk -----END PGP SIGNATURE----- --=-=-=--