Bug#3036: automatic adduser/addgroup in postinst (was Re: fingerd)

[Ian Jackson <ian@chiark.chu.cam.ac.uk>]

Mark Eichin writes ("Re: Bug#3036: automatic adduser/addgroup in postinst (was Re: fingerd)"):
...
> >  anything that needs 8 compiled-in uids is being
> > gratuitous in its use of an obviously limited resource.
>
> Not sure what's "obviously limited" about uids (other than that
> they're only 16 bit, welcome to the 70's :-) but in this case it
> *does* need distinct uid's as part of it's security design. (See,
> unlike sendmail, it *has* a security design :-)

Compiled-in uids need to be the same across all systems (potentially)
running the same binary, and have a large chance of clashing with uids
allocated locally for other purposes.  Therefore we can only alloocate
a small range (0-99 and perhaps some high ones) for centrally and
statically allocated immutable uids.

Does qmail do the uid lookups at runtime, or can it be made to ?  If
so then that would be better, because then it can use uids which have
been allocated by adduser according to whatever policy the local
sysadmin sets in the adduser.conf (when adduser is fixed ...)

Ian.