[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: UID allocation policy [Re: automatic adduser/addgroup ...]

Lukas Nellen writes [ SuperCite undone - iwj ]:
> Ian Jackson <ian@chiark.chu.cam.ac.uk> writes:
> > It seems to me that sensible defaults which break fewest things are to
> > have dynamically allocated system ids to go from 100-999, and
> > dynamically allocated ids for users to go from 1000-9999.  10000-59999
> > is by default reserved for any special purposes we can come up with
> > later (but we promise that they'll be dynamically allocated too).
> As I tried to argue before, that scheme breaks (IMHO) on a lot of existing
> clusters of UN*X workstations. There, the precedence is that regular
> user accounts start at 100 or 101 and go upwards. How do you want to
> integrate a debian box using your proposed scheme into such an
> environment? 

Edit /etc/adduser.conf appropriately, before installing packages that
create dynamic system users.  Such packages can probably have their
uids reallocated after installation, if some care is taken.

>  Especially, as soon as NIS or something else gets used to
> share /etc/passwd among the clients you are forced to use identical
> UIDs for all shared accounts.
> The only way out I see is to use a different range for dynamically
> allocated system accounts and fix the software that gets broken by
> this.

With my proposal there won't be any software that gets broken, apart
from those that insist (for example) that system ids are lower than
user ones - but we can't avoid breaking them in these environments

>   That will only affect a few developers compared to affecting a
> lot of system adminstrators who will have to fix their existing
> installation to accomodate debian systems. [Or decree that no debian
> system which is member of a heterogeneous cluster is allowed to
> install packages which require dynamically allocated system accounts
> :-) ]

I think you've misunderstood my proposal.


Reply to: