From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-89609-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 937B4138334
	for <garchives@archives.gentoo.org>; Mon,  9 Dec 2019 10:00:53 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 7EB80E0841;
	Mon,  9 Dec 2019 10:00:49 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 32F75E0817
	for <gentoo-dev@lists.gentoo.org>; Mon,  9 Dec 2019 10:00:49 +0000 (UTC)
Received: from a1i15 (a1i15.kph.uni-mainz.de [134.93.134.92])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: ulm)
	by smtp.gentoo.org (Postfix) with ESMTPSA id 1A00634D8A0;
	Mon,  9 Dec 2019 10:00:46 +0000 (UTC)
From: Ulrich Mueller <ulm@gentoo.org>
To: =?utf-8?B?TWljaGHFgiBHw7Nybnk=?= <mgorny@gentoo.org>
Cc: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [RFC] Revisiting GLEP 81 (acct-*) policies
 (reviews, cross-distro syncing)
References: <84a435bffe460efd2620ceec0c0405fa18a7937b.camel@gentoo.org>
	<w6g1rtd3kbf.fsf@kph.uni-mainz.de>
Date: Mon, 09 Dec 2019 11:00:43 +0100
In-Reply-To: <w6g1rtd3kbf.fsf@kph.uni-mainz.de> (Ulrich Mueller's message of
	"Mon, 09 Dec 2019 10:44:04 +0100")
Message-ID: <w6gsglt24z8.fsf@kph.uni-mainz.de>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha256; protocol="application/pgp-signature"
X-Archives-Salt: 1ab18c30-e99b-48df-a319-39fd4ca05d77
X-Archives-Hash: 1ecdda849315e26993b380aa00232055

--=-=-=
Content-Type: text/plain

>>>>> On Mon, 09 Dec 2019, Ulrich Mueller wrote:

>> a. split the UID/GID range into 'high' (app) and 'low' (system)
>> assignments, 'high' being >=100 and 'low' <100 (matching Apache suEXEC
>> defaults),

> Good, but can we make these ranges more explicit please, like 100..499
> for "high" and 0..99 for "low"? (But 100 is special too, I guess?)

I just see that the default /etc/login.defs has SYS_UID_MIN=101 and
SYS_GID_MIN=101.

Ulrich

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEZlHkP3TnuTbxrN0HwwkGhRxhwnMFAl3uG0sACgkQwwkGhRxh
wnM9AQf/eKDlmkXnDjcS9unPbmp7pj1WlZBODpOiVAuApiBExAjQtHuOjmal0N/C
O9bXEXSym64kPn0RP6wcDZJ9+Eci/ZHtffmGKR9tEQ3J75cTil1ASvCSZjwWLUdH
AZYxoVS+QJFkxvy74uf2Xb4W0CdXtJMrUyWVqjsGLKjkMN9UqIn5ITkpl6W6PTRq
vcMsbZ6MwM1XxunC6NZpOI9E2uH9RptNMXDJnwrkekFv+o7QufAAqA6S3rYJpYB7
rD/7whBnrhoCwRBQ2Oqm7twPmmdf3G3YG28kGjNSxGFXj81KLecswXQ8tOg8eiYB
GmGI6qzHr0ARH1nZY6sGU5PoPp4LfA==
=Vahw
-----END PGP SIGNATURE-----
--=-=-=--