
Re: UPG and the default umask



On Thu, 20 May 2010, Raphael Hertzog wrote:

> Hi,
> 
> On Thu, 20 May 2010, Santiago Vila wrote:
> > So I agree that the sane thing to do here is, at least, to use the
> > same default range as /etc/adduser.conf (which in turn is the range
> > defined by policy).
> > 
> > I've just modified base-files accordingly to use the UID range 1000-29999.
> 
> I'm not sure this makes lots of sense.
> 
> hertzog@alioth:~$ id -u maximilinux-guest
> 220227
> 
> There are many installations out there with large numbers of users that
> simply can't respect the ranges set by the policy.
> 
> I would simply use a minimum of 500 or 1000 to differentiate system users
> from normal users. adduser is not a required step to create accounts when
> you manage your account database in LDAP/PostgreSQL (or whatever else).
> 
> Having a different behaviour between accounts simply because some are
> above the maximal limits and some are below would be counterproductive.
> 
> The policy was written when uid/gid were only 16 bits but our systems cope
> with a greater number of users nowadays... maybe the policy should be
> revised on that point.

Yes, maybe we should modify policy.

But for now, current policy says UIDs over 30000 are "reserved", which means
they might or might not be "ordinary user accounts".

Those who do not use "adduser" because "they know what they are doing"
will surely be able to change /etc/profile if the default one is not
suitable for them, as it happens with every default value in the system.

If we don't follow policy closely here, we can't claim that the umask
change does only affect "ordinary user accounts" (which is what I
think the release notes for squeeze will say).

So, I'm just providing a default which is consistent with other
defaults in the system and also with policy.

If by doing so we realize as a result that policy should be modified,
let us modify policy then.
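
The two positions in this thread, as an added example that is not part of the original message and is not the base-files /etc/profile: a bounded UID range (1000-29999) versus a minimum-only check. The function name `pick_umask`, the values 002 and 022, the user-name-equals-group-name test, and all sample accounts except the UID 220227 quoted above are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not code from base-files.
# Assumed values: 002 for user-private-group (UPG) accounts, 022 otherwise.

# pick_umask UID USER GROUP MIN [MAX]
# Prints the umask a login shell would apply for this account.
# An empty or missing MAX means "no upper bound" (the minimum-only proposal).
pick_umask() {
    uid=$1 user=$2 group=$3 min=$4 max=${5:-}

    # Fail closed: a non-numeric UID must never yield the group-writable umask.
    case $uid in
        ''|*[!0-9]*) echo 022; return 0 ;;
    esac

    # Assumed UPG test: the primary group is named after the user, so a
    # group-writable umask does not expose files to a shared group.
    if [ "$user" != "$group" ]; then echo 022; return 0; fi

    # System accounts sit below the minimum.
    if [ "$uid" -lt "$min" ]; then echo 022; return 0; fi

    # Bounded variant: UIDs above MAX are "reserved" and keep the strict umask.
    if [ -n "$max" ] && [ "$uid" -gt "$max" ]; then echo 022; return 0; fi

    echo 002
}

# Constructed sample accounts: name, UID, primary group name.
# Only the UID 220227 comes from the thread; its group name is assumed.
printf '%-20s %-8s %-8s %s\n' account uid range min-only
while read -r name id grp; do
    printf '%-20s %-8s %-8s %s\n' "$name" "$id" \
        "$(pick_umask "$id" "$name" "$grp" 1000 29999)" \
        "$(pick_umask "$id" "$name" "$grp" 1000)"
done <<'EOF'
daemon 1 daemon
alice 1000 alice
bob 1001 users
maximilinux-guest 220227 maximilinux-guest
EOF
```

The last row is the case the thread argues about: the account gets 022 under the policy range and 002 under a minimum-only check.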

