Passwd/Group changes proposal v1
Hi Folks.
Here is a status of the /etc/passwd and /etc/group files (aka package
base-passwd), and some changes I plan to make.
I've read the two posts on debian-devel from Ian Jackson and Daniel
Quinlan and got some inspiration from it.
There are currently 7 opened bugs against base-passwd:
4849: Qmail UIDs.
3036: Qmail UIDs.
3983: Missing trailing : in /etc/group (see down)
2895: Gnats GID.
3786: ftp entry in /etc/passwd
4295: majordomo entry in /etc/passwd
3002: conflicting GID for majordomo between group and passwd
[1] Am I missing any bug here ?
I've uploaded base-passwd-1.2.0-2 which fixed 3983 plus a minor problem with 1.2.0-1's source.
[2] Qmail:
I had agreed over the weekend with Christian Hudon <chrish@ana.libertel.montreal.qc.ca>, the qmail maintainer, to reserve him some IDs in the 70-80 range.
As Ian Jackson suggested, I think we should put these in the upper range 65000-65010, as qmail is quite UID greedy.
Note that the argument that UIDs shouldn't be allocated after 32768 because some systems still have signed short UID range isn't relevant here, as they're system UIDs, and don't need to be consistent from system to system.
I suggest fixing this in rex and bo with the following map:
PASSWD:
alias:*:65000:65534::/var/qmail/alias:/bin/sh
qmails:*:65001:65000::/var/qmail:/bin/sh
qmailr:*:65002:65000::/var/qmail:/bin/sh
qmailq:*:65003:65000::/var/qmail:/bin/sh
qmaild:*:65004:65534::/var/qmail:/bin/sh
[Reserved-1]:*:65005:65534::/var/qmail:/bin/sh
[Reserved-2]:*:65006:65534::/var/qmail:/bin/sh
GROUP
qmail:*:65000:
Christian told me in private email that he might need two additional UIDs, hence the two reserved slots. Christian, do we need these ?
This would fix 4849 and 3036.
[3] ftp entry in passwd
Peter Tobias <tobias@server.et-inf.fho-emden.de>, the maintainer of the wu-ftpd and netbase packages wants the ftp entry removed, because it points to an inexisting directory /home/ftp in the base package.
Netstd's ftp daemon would be restricted then to normal ftp (no anonymous), as it doesn't install the ftp entry, and wu-ftpd would have to be installed for anonymous ftp to work (it installs the ftp hierarchy).
I propose fixing this in bo and rex as it doesn't break anything. It would fix bug #3786.
[4] Gnats GID.
Brian C. White <bcwhite@verisim.com> would like to have a static GID for Gnats. He would prefer to have a GID of 16 and change the existing UID of gnats (currently 21) to 16. Both slots are available.
This would fix bug #3895.
Should be change this in rex, or should we wait for bo ?
[5] Majordomo
There's a problem with majordomo's passwd entry. The GID points to the wrong group (30, should be 31). This can be fixed in bo and rex I think and would close the bug #3002.
[6] Cosmetic change in /etc/group
Some entries in /etc/group (namely root and majordom) list some users as additional GIDs (root for root and majordom for majordom) while this group is their primary group. This is unnecessary and can be removed harmlessly.
*** IMPORTANT NOTE: point [5] must be fixed first otherwise the user majordom won't belong to the majordom group anymore !
Resolving point [6] would fix bug #4295
I suggest fixing it in bo and rex.
[7] Cosmetic changes for passwd and group coherency
Currently there's a bunch (ahem, two actually) of UID and GID of the same name which have different numbers. I suggest remapping them to the same ID.
NAME UID GID
majordom 30 31
postgres 31 32
I think we could defer this to bo maybe ?
Most of the points should be fixed in rex. But everything is this proposal can be discussed of course.
Waiting for your comments.
Phil.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: