
Re: UID allocation policy [Re: automatic adduser/addgroup ...]



On Fri, 24 May 1996, Ian Jackson wrote:
> 
> There is ample precedent for our allocation of 0-99 in this manner; we
> certainly can't use from 100 to at least 32K for this purpose.  I'd
> therefore suggest that normal packages which only need 1 of these, and
> then only rarely, use ones under 100 which come in the base package's
> passwd file, and that packages which need many of them use ones over
> (say) 65000 which don't appear in the standard passwd file.
> 
> *Both* types of package *must* check for their uids/gids in their
> maintainer scripts, so that they'll work if those entries aren't
> already present (creating them if necessary) and fail if they're used
> for something else.
> 
> It seems to me that sensible defaults which break fewest things are to
> have dynamically allocated system ids to go from 100-999, and
> dynamically allocated ids for users to go from 1000-9999.  10000-59999
> is by default reserved for any special purposes we can come up with
> later (but we promise that they'll be dynamically allocated too).

I thought it was important that we allow user UIDs to start at 100 (101?). 
Shouldn't we change the dynamically allocated system ids to be lower than
that or much higher? 

Sounds to me like what we want is to be able to configure adduser to
support a number of UID ranges.  Perhaps something like this: 


# System accounts can have UIDs dynamically allocated in one of two
# ranges.  These ranges are specified by the following variables,
# which define the lowest and highest UID for each range.  In general
# the "LO" range should be below the range used for user UIDs, and the
# "HI" range should be above.  The default range for the "LO" range is
# 50-99; the default range for the "HI" range is 65000-65533.
FIRST_LO_SYSTEM_UID=50
LAST_LO_SYSTEM_UID=99
FIRST_HI_SYSTEM_UID=65000
LAST_HI_SYSTEM_UID=65533

# User UIDs have a single range they can be allocated from.  This
# range is specified by the following variables. FIRST_USER_UID
# defines the lowest allowable user UID. LAST_USER_UID defines the
# highest allowable user UID. 
FIRST_USER_UID=1000
LAST_USER_UID=64999



We could then create new command line options for the adduser --system 
option that allow you to specify which of the system UID ranges you wish 
to allocate a UID from.  For example, adduser --system --hi would 
allocate from the higher system UID range.


> > Given this partitioning of the work, the big issues become: what are
> > reasonable defaults?  Where should this be documented?  (that is, to
> > reduce the number of people affected by this issue to some kind of
> > minimum).
> 
> I propose that we document this in the manpage for adduser and in
> /etc/adduser.conf, given that adduser is implementing the policy as
> set there and that that package contains the default policy.

I would be happy to implement the changes needed in adduser, if we can 
agree on what the allocation strategy should be.


Steve
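
The two-range allocation and the maintainer-script check discussed in this message, as an added example that is not part of the original message and is not adduser's code. The function names, the lo/hi argument, the return codes and the sample passwd entries are assumptions made for illustration; the range values are the ones proposed above.

```shell
#!/bin/sh
# Range values copied from the adduser.conf sketch in the message above.
FIRST_LO_SYSTEM_UID=50;    LAST_LO_SYSTEM_UID=99
FIRST_HI_SYSTEM_UID=65000; LAST_HI_SYSTEM_UID=65533

# Constructed sample passwd data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
news:x:50:50:news:/var/spool/news:/bin/sh
uucp:x:51:51:uucp:/var/spool/uucp:/bin/sh
steve:x:1000:1000:Steve:/home/steve:/bin/sh
bigpkg:x:65000:65000:constructed:/nonexistent:/bin/false
EOF
}

# next_free_uid FILE lo|hi (hypothetical helper)
# Prints the lowest unused UID in the chosen system range.
# Returns 1 if the range is exhausted, 2 on an unknown range name.
next_free_uid() {
    case "$2" in
        lo) first=$FIRST_LO_SYSTEM_UID; last=$LAST_LO_SYSTEM_UID ;;
        hi) first=$FIRST_HI_SYSTEM_UID; last=$LAST_HI_SYSTEM_UID ;;
        *)  return 2 ;;
    esac
    awk -F: -v first="$first" -v last="$last" '
        { used[$3 + 0] = 1 }
        END {
            for (u = first; u <= last; u++)
                if (!(u in used)) { print u; exit 0 }
            exit 1
        }' "$1"
}

# check_reserved_uid FILE NAME UID (hypothetical helper)
# The check a maintainer script would run for a fixed id:
#   0 = entry already present with this name and UID
#   1 = neither name nor UID present, caller should create the entry
#   2 = name or UID is already used for something else, caller must fail
check_reserved_uid() {
    awk -F: -v name="$2" -v uid="$3" '
        $1 == name && $3 == uid     { ok = 1 }
        ($1 == name) != ($3 == uid) { conflict = 1 }
        END { if (conflict) exit 2; if (ok) exit 0; exit 1 }' "$1"
}

# Demonstration on the constructed data.
tmp=$(mktemp) && sample_passwd > "$tmp"
echo "next lo: $(next_free_uid "$tmp" lo)  next hi: $(next_free_uid "$tmp" hi)"
rm -f "$tmp"
```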

