[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Policy 9.2.2: s/should/must/ for add{user,group} --system?



On Sat, Feb 07, 2004 at 02:07:50PM +0100, Bill Allombert wrote:
> On Sat, Feb 07, 2004 at 01:50:57PM +0100, Siggy Brentrup wrote:
> > after being bitten by packages allocating system
> > groups with gids > 1000, I'm filing bugreports
> > against these packages.
> 
> May I ask which ?

When realizing it, I had the following groups (FTTOMH):
  sslwrap:1001:
  snort:1002:
  postfix:1003:
  postdrop:1004:
  
Postfix has fixed it since long (Bug #176905), dunno how it
slipped in, this machine was installed end December using a
sarge netinst CD from November.

On an up to date sarge
  sslwrap     2.0.6-12
  snort-pgsql 2.0.2-2
still don't use --system on addgroup.

> >     Dynamically allocated system users and groups. Packages which need a
> >     user or group, but can have this user or group allocated dynamically
> >     and differently on each system, *should use adduser --system* to
> >     create the group and/or user. adduser will check for the existence
> >     of the user or group, and if necessary choose an unused id based on
> >     the ranges specified in adduser.conf. 
> > 
> > (emphasis by me)
> > 
> > What do you think?
> 
> It is my understanding that the `should' above refer specifically to the 
> use of `adduser --system', and not of the 100-999 range.
> 
> I would regard any violation of the uid/gid range given in this section
> as a serious policy violation by regard of the amount of breakage it
> cause.

Seconded, but still there is no 'must' or 'required' in 9.2.2

That's why I'm bringing it up.

. Siggy

Attachment: signature.asc
Description: Digital signature


Reply to: