>>>>> On Mon, 09 Dec 2019, Michał Górny wrote:

> My proposal would be to:

> a. split the UID/GID range into 'high' (app) and 'low' (system)
> assignments, 'high' being >=100 and 'low' <100 (matching Apache suEXEC
> defaults),

Good, but can we make these ranges more explicit please, like 100..499
for "high" and 0..99 for "low"? (But 100 is special too, I guess?)

> b. UIDs/GIDs in the 'high' range can be taken arbitrarily
> (recommending taking highest free),

I'd say something like this:

"b. UIDs/GIDs in the 'high' range can be taken arbitrarily and are
assigned on a FCFS basis. IDs used upstream or by other distros can
serve as a loose guideline. Otherwise, taking the highest free number
in the range is recommended."

> while in the 'low' range must be approved by QA,

> c. no review requirement for the 'high' range, just choose your
> UID/GID straight of uid-gid.txt and commit it,

> d. strong recommendation to use matching UID/GID for the same
> user/group name.

Ulrich