Bug#329701: Local (non-NIS) users and groups

To: Teddy Hogeborn <teddy@fukt.bth.se>
Cc: 329701@bugs.debian.org
Subject: Bug#329701: Local (non-NIS) users and groups
From: Mark Brown <broonie@sirena.org.uk>
Date: Sun, 11 Dec 2005 15:17:52 +0000
Message-id: <[🔎] 20051211151752.GA8016@sirena.org.uk>
Reply-to: Mark Brown <broonie@sirena.org.uk>, 329701@bugs.debian.org
In-reply-to: <[🔎] 87oe3qv5xz.fsf@tower.fukt.bth.se>
References: <87d87fx5ta.fsf@hubert.fukt.hk-r.se> <87u0gc7q25.fsf@tower.fukt.bth.se> <20050922220317.GB7373@sirena.org.uk> <[🔎] 87zmnavqk1.fsf@tower.fukt.bth.se> <[🔎] 20051209110803.GB3677@sirena.org.uk> <[🔎] 87oe3qv5xz.fsf@tower.fukt.bth.se>

On Fri, Dec 09, 2005 at 12:57:28PM +0100, Teddy Hogeborn wrote:

> And it's not like this would be changed on a running system, right?
> It would just be the default value in /var/yp/Makefile for new package
> installations for new NIS master servers.

That is not the case.  /var/yp/Makefile is a conffile and so will be
updated if it hasn't been modified.

> And I'm not actually seeing a conflict with policy in this case, since
> policy does not mention NIS exporting at all.

Policy and all the other packages in Debian that care about these things 
say that GIDs in the range 100-999 are reserved for dynamically
allocated system users and groups.  Since exporting random automatically
created users and groups tends to cause hassle NIS does not export those
ID ranges by default.

> If you want to touch ground you (as the actual maintainer you might
> get more responses than I got) could ask debian-policy if anyone would
> OBJECT to the change.  (From what I can see, absolutely no one on
> -policy cares about this, since I have asked about this on two
> occasions now and both times gotten no reply whatsoever.)

You might find that coming up with a concrete proposal for policy might
help there.

> The only thing I can foresee delaying this change is if you really
> want to be CERTAIN that no one does "adduser --system --group" 400
> times and suddenly gets into the exported GID range (not that I see
> anyone actually doing that, but...).  If you want to avoid even that
> remote possibility, this change should be coordinated with a change in
> the "adduser" package to lower LAST_SYSTEM_UID in /etc/adduser.conf.

That would probably help too.  A patch implementing support for the new
GID range you want to add might also be helpful.

> Is this what you want?  Would you be willing to make the change if the
> maintainers for "adduser" were, too?

What I want is for any change in the default handling of UID and GID
ranges in NIS to be made in other parts of Debian too.  I am not going
to unilaterally make this change in the NIS package.  You are asking me
to have the NIS package take part of an existing GID range and give it a
new meaning without updating anything else in Debian to understand this.
I don't think that's a good idea.

It is very easy for people who want this behaviour to change their local
configuration suitably.  Doing it in NIS alone will at best provide a
small part of what you are asking for and may actually cause breakage.

-- 
"You grabbed my hand and we fell into it, like a daydream - or a fever."

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#329701: Local (non-NIS) users and groups
  - From: Teddy Hogeborn <teddy@fukt.bth.se>

References:
- Bug#329701: Local (non-NIS) users and groups
  - From: Teddy Hogeborn <teddy@fukt.bth.se>
- Bug#329701: Local (non-NIS) users and groups
  - From: Mark Brown <broonie@sirena.org.uk>
- Bug#329701: Local (non-NIS) users and groups
  - From: Teddy Hogeborn <teddy@fukt.bth.se>

Prev by Date: Re: Debian Menu policy leads to confusion
Next by Date: Bug#329701: Local (non-NIS) users and groups
Previous by thread: Bug#329701: Local (non-NIS) users and groups
Next by thread: Bug#329701: Local (non-NIS) users and groups
Index(es):
- Date
- Thread