[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The story behind UPG and umask.

This one time, at band camp, Tollef Fog Heen said:
> The problem is when you then run addgroup foo, every user created
> after that will not be considered to be a UPG user.  Perhaps addgroup
> shouldn't use the same gid range as what we are using for users, to
> make this problem at least smaller, if not make it go away.

I've been unhappy for one reason or another with ideas like this in the
past (gids below 100 are reserved, then there come system groups, then
usergroups starting at 1000, unless you want to interoperate with RHEL
and derivatives in which case they start at 500.  You also don't want to
pick a high range because large sites will have uids creep up from
behind, etc.  Blech)  The current arrangement isn't brilliant, but it's
at least clear that if a gid is >= 1000, it is not the gid of a system
account (unless of course it's nobody/nogroup ... :) ), although you
can't necessarily say much more than that.

I suspect it will be simplest to just add a bit of logic to adduser to
make it 'skip ahead' until it can get matching uids/gids.  This will
leave holes in both passwd and group, but that's not exactly a problem.

FWIW, I tend to agree with Roger that the added step of uid == gid
doesn't actually buy us all that much, but if other software we are
currently shipping depends on that behavior, we might as well not
deliberately break it.

|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |

Attachment: signature.asc
Description: Digital signature

Reply to: