Re: Static/dynamic uids/gids allocation
Ian Jackson <ian@chiark.greenend.org.uk> writes:
> User and group space allocation and ranges
>
> Some uids and gids are reserved globally for use by certain packages.
> Because some packages need to include files which are owned by these
> users or groups, or need the ids compiled into binaries, these ids
> must be used on any Debian system only for the purpose for which they
> are allocated. This is a serious restriction, and we should avoid
> getting in the way of local administration policies. In particular,
> many sites allocate users and/or local system groups starting at 100.
This should not be an issue at all. Packages should not rely
on any but the most basic numeric uids and gids. So, I guess I agree
with you.
I'm also pleased that your numbering scheme is quite similar to one
that I developed during my later days at Yggdrasil, but never did much
with. Mine is a bit different in a few respects. The number ranges
are more partitioned and more space is allocated for local use.
Ian, perhaps you would incorporate the idea of subpartitioning the
0-99 range into your draft proposal. I think it could be helpful.
This also includes some actual uid and gid numbers that I based on the
"consensus" of the /etc/passwd and /etc/group of 4.4BSD, SunOS, and
the Debian, Slackware, MCC, and Yggdrasil Linux distributions.
===== USERS =====
* means this user is not recommended
? means we don't know if this should be local or global
(0-19) BASIC USERS
0 root Lord of the Files
1 daemon Background daemon
2* bin Software
3* sys Operating system
4 adm System administration
The rest of them are not yet numbered, but tentative ranges have been
defined...
(20-59) PROGRAM/SERVICE SPECIFIC USERS
uucp, nuucp Unix-to-Unix copy
sync flush buffers
? postgres Postgres database
mail Mail
gnats GNU Project Report Management System
? majordom Majordomo mail list server
man Manual pages
halt Halt system
reboot Reboot system
news News
(60-99) LOCAL PROGRAMS/SERVICES
(100-1000) PSEUDO USERS
ftp Anonymous FTP directory
guest Guest account
demo Demonstration account
(1000-65533) USERS
1000 user User
65534 nobody Standard nobody user
--
RATIONALE:
"news" vs "usenet": "news" is used by almost all Linux distributions.
bin: I recommend not including "bin" in the group file and using
"root" instead. This is because "root" can be used just as well and
because the "bin" user and group have been linked to a number of
security holes.
sys: this serves little useful purpose. I recommend removing it and
using "root" instead.
root, daemon, adm: most Linux systems concur on placement and the
existence of these. Daemon is standard and "adm", while not really
needed, can be useful.
nobody: 65534 is the correct value (-2). 65535 (-1) is not. -1 should
not be used since -1 is often returned as an error code for some
uid/gid functions and is the cause of one or more security holes.
===== GROUPS =====
* means this group is not recommended
(0 to 19) BASIC GROUPS/SYSTEM DEVICES
0 root System administrator
1 daemon Background daemon
2* bin Software
3* sys Operating system
4 adm Administrative files
5 tty Terminals
6 disk Fixed disks
7 lp Line printers, hercules monitor port
8 mem, kmem Memory, kernel memory
The rest of them are not yet numbered, but tentative ranges have been
defined...
(20 to 39) USER DEVICES
floppy Removable block devices (floppy, Bernoulli drives, ...)
tape Tape devices
cdrom CD-ROMs
dialout Dial-out (kermit, minicom, dip, chat, etc.)
audio Speaker or sound card
scanner Scanning devices
(40 to 59) SYSTEM FILES
doc Online documentation
games Game score files
ftp Anonymous FTP files
mail Mail spool
src Source code
(60 to 79) USER FILES/DISKS
dos DOS partition
os2 OS/2 HPFS partition
(80 to 99) RESERVED FOR LOCAL USE
none
(100-999) USER GROUPS (LOCAL)
100 users Generic users
999* nobody System V _only_ (release III?) -- (leave 999 undefined)
(1000-65533) RESERVED FOR PER-USER GROUPS
If per-user groups are being used, then this is a direct
mapping from UID to GID. All UID's do not necessarily have to
be used, but every per-user group should directly match a
user.
(65534) nobody Standard nobody group, sometimes named "nogroup"
--
RATIONALE:
gid 0: "root" was chosen over "system" and "wheel" because:
- it is more common in the Linux community
- shows a clear relationship to the "root" user
- looks good and it is quicker to type
- GNU `su' doesn't support the "wheel" group
- some systems may use "sys" as group 3
mem/kmem: "mem" tended to be gid 8 on Linux systems. Some Linux systems
had "kmem" as gid 9, but we decided to merge the two because:
- Linux MAKEDEV was only using one of them
- there is no real advantage in having both "mem" and "kmem"
dialout: This is "uucp", "dialout", "dip", etc. merged into one
cohesive group. Most serial devices should be owned by root.dialout.
nobody: 65534 is the correct value (-2). 65535 (-1) is not. -1 should
not be used since -1 is often returned as an error code for some
uid/gid functions and is the cause of one or more security holes.
operator: an operator group was not included. "disk" group includes
most of the traditional advantages of the "operator" group (fsck'ing,
adding swap, etc.)
bin: I recommend not including "bin" in the group file and using
"root" instead. This is because "root" can be used just as well and
because the "bin" user and group have been linked to a number of
security holes.
sys: this serves little useful purpose. I recommend removing it and
using "root" instead.
daemon, adm, tty, disk, lp: these were all useful and Linux systems
concurred (more or less) on the numbering.
We're leaning towards leaving 2 and 3 blank (for sites who MUST have
bin) rather than putting other names into those positions, but I'm not
sure.
--
Daniel Quinlan <quinlan@pathname.com> | finger quinlan@pathname.com for PGP
quinlan@transmeta.com (at work) | http://www.pathname.com/~quinlan/
--
This message was distributed manually by Bruce@debian.org after the list
initially failed to distribute it.
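As an added illustration (not part of the message above, and not Debian's or Yggdrasil's code), the following Python script audits a passwd/group pair against the ranges and rationale laid out in the proposal: starred "bin"/"sys" entries, "nobody" at 65534 rather than 65535, gid 999 left undefined, and the 1:1 uid-to-gid mapping for per-user groups. The sample passwd and group data is constructed for the example; the range labels and the 16-bit reading of "-1" (65535 is (uid_t)-1 only when uid_t is 16 bits wide) are the script's own assumptions about the text.

```python
"""Audit passwd(5)/group(5) data against the uid/gid layout proposed in the message."""

# Range tables transcribed from the proposal (bounds inclusive).
UID_RANGES = [
    (0, 19, "basic users"),
    (20, 59, "program/service specific users"),
    (60, 99, "local programs/services"),
    (100, 999, "pseudo users"),
    (1000, 65533, "users"),
    (65534, 65534, "nobody"),
]
GID_RANGES = [
    (0, 19, "basic groups/system devices"),
    (20, 39, "user devices"),
    (40, 59, "system files"),
    (60, 79, "user files/disks"),
    (80, 99, "reserved for local use"),
    (100, 999, "user groups (local)"),
    (1000, 65533, "per-user groups"),
    (65534, 65534, "nobody"),
]

NOT_RECOMMENDED = {"bin", "sys"}  # starred entries in the proposal
NOBODY_ID = 65534                 # (uid_t)-2 with a 16-bit uid_t (assumption: 16-bit ids)
MINUS_ONE_16BIT = 65535           # (uid_t)-1 with a 16-bit uid_t: an error/"no change" sentinel
SYSV_NOBODY_GID = 999             # the proposal says to leave this gid undefined


def label(value, ranges):
    """Name the range a numeric id falls into, or 'out of range'."""
    for lo, hi, name in ranges:
        if lo <= value <= hi:
            return name
    return "out of range"


def _rows(text, min_fields):
    """Split colon-separated lines, skipping blanks and comments."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < min_fields:
            raise ValueError(f"malformed line: {line!r}")
        yield fields


def parse_passwd(text):
    """Return [{'name', 'uid', 'gid'}] for each passwd line (other fields ignored)."""
    return [{"name": f[0], "uid": int(f[2]), "gid": int(f[3])} for f in _rows(text, 4)]


def parse_group(text):
    """Return [{'name', 'gid', 'members'}] for each group line."""
    return [{"name": f[0], "gid": int(f[2]),
             "members": [m for m in f[3].split(",") if m] if len(f) > 3 else []}
            for f in _rows(text, 3)]


def audit(passwd_text, group_text):
    """Return a list of findings; an empty list means the data follows the proposal."""
    users, groups = parse_passwd(passwd_text), parse_group(group_text)
    gid_by_name = {g["name"]: g["gid"] for g in groups}
    findings = []
    for u in users:
        tag = f"user {u['name']} (uid {u['uid']})"
        if u["name"] in NOT_RECOMMENDED:
            findings.append(f"{tag}: not recommended, use root instead")
        if u["uid"] == MINUS_ONE_16BIT:
            findings.append(f"{tag}: 65535 is (uid_t)-1, an error sentinel, not an id")
        elif u["name"] == "nobody" and u["uid"] != NOBODY_ID:
            findings.append(f"{tag}: nobody must be {NOBODY_ID} (-2)")
        # Per-user groups: a same-named group must carry the same numeric id.
        if 1000 <= u["uid"] <= 65533 and gid_by_name.get(u["name"], u["uid"]) != u["uid"]:
            findings.append(f"{tag}: per-user group {u['name']} has gid "
                            f"{gid_by_name[u['name']]}, expected {u['uid']}")
    for g in groups:
        tag = f"group {g['name']} (gid {g['gid']})"
        if g["name"] in NOT_RECOMMENDED:
            findings.append(f"{tag}: not recommended, use root instead")
        if g["gid"] == MINUS_ONE_16BIT:
            findings.append(f"{tag}: 65535 is (gid_t)-1, an error sentinel, not an id")
        elif g["gid"] == SYSV_NOBODY_GID:
            findings.append(f"{tag}: gid 999 is System V nobody, leave it undefined")
        elif g["name"] in ("nobody", "nogroup") and g["gid"] != NOBODY_ID:
            findings.append(f"{tag}: nobody/nogroup must be {NOBODY_ID} (-2)")
    return findings


# Constructed sample data with several deliberate deviations from the proposal.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
adm:x:4:4:adm:/var/adm:/bin/sh
ftp:x:100:41:ftp:/home/ftp:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:x:1001:1002:Bob:/home/bob:/bin/sh
nobody:x:65535:65534:nobody:/:/bin/sh
"""
SAMPLE_GROUP = """\
root:x:0:
daemon:x:1:
bin:x:2:
adm:x:4:
ftp:x:41:
users:x:100:alice,bob
nobody:x:999:
alice:x:1000:
bob:x:1002:
nogroup:x:65534:
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, SAMPLE_GROUP):
        print(finding)
```

Run against the constructed data it reports five findings: the "bin" user and group, "bob" whose per-user group is off by one, "nobody" sitting at 65535 (the -1 sentinel the rationale warns about) and a group occupying gid 999. Pointing it at a real system is a matter of passing the contents of /etc/passwd and /etc/group instead of the samples.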