On Sat, Feb 07, 2004 at 02:07:50PM +0100, Bill Allombert wrote: > On Sat, Feb 07, 2004 at 01:50:57PM +0100, Siggy Brentrup wrote: > > after being bitten by packages allocating system > > groups with gids > 1000, I'm filing bugreports > > against these packages. > > May I ask which ? When realizing it, I had the following groups (FTTOMH): sslwrap:1001: snort:1002: postfix:1003: postdrop:1004: Postfix has fixed it since long (Bug #176905), dunno how it slipped in, this machine was installed end December using a sarge netinst CD from November. On an up to date sarge sslwrap 2.0.6-12 snort-pgsql 2.0.2-2 still don't use --system on addgroup. > > Dynamically allocated system users and groups. Packages which need a > > user or group, but can have this user or group allocated dynamically > > and differently on each system, *should use adduser --system* to > > create the group and/or user. adduser will check for the existence > > of the user or group, and if necessary choose an unused id based on > > the ranges specified in adduser.conf. > > > > (emphasis by me) > > > > What do you think? > > It is my understanding that the `should' above refer specifically to the > use of `adduser --system', and not of the 100-999 range. > > I would regard any violation of the uid/gid range given in this section > as a serious policy violation by regard of the amount of breakage it > cause. Seconded, but still there is no 'must' or 'required' in 9.2.2 That's why I'm bringing it up. . Siggy
Attachment:
signature.asc
Description: Digital signature