Bug#1006976: what about dynamically allocated groups?

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1006976: what about dynamically allocated groups?
From: Marc Haber <mh+debian-packages@zugschlus.de>
Date: Wed, 09 Mar 2022 20:49:41 +0100
Message-id: <[🔎] 164685538125.203388.14658908729245278135.reportbug@drop.zugschlus.de>
Reply-to: Marc Haber <mh+debian-packages@zugschlus.de>, 1006976@bugs.debian.org

Package: debian-policy
Version: 4.6.0.1
Severity: minor

Hi,

9.2.2 distinguishes between

100-999:
   Dynamically allocated system users and groups.

and

1000-59999:
   Dynamically allocated user accounts.

This wording is a bit confusing, but this is probably caused by the
ambiguity between users and accounts. I am also astonished that the
1000-59999 GIDs are not mentioned in policy, or is a group also a very
special kind of account? Probably yes, at least that's what groupadd's
docs say. So the easiest way to solve this and to be consistent with
passwd/shadow would be:

How about:

100-999:
   Dynamically allocated system user and system group accounts.
   Packages which need a user or group, but can have them and their
   UID/GIDs allocated dynamically and differently on each system, should
   use "adduser --system" or "addgroup --system" to create them as
   needed.  These tools will check for the existence of the user or
   group, and if necessary choose an unused id based on the ranges
   specified in "adduser.conf".

1000-59999:
   Dynamically allocated user and group accounts. By default "adduser"
   and "addgroup" will choose UIDs and GIDs for user and group accounts
   in this range, though "adduser.conf" may be used to modify this
   behavior.

Greetings
Marc

Reply to:

Prev by Date: Bug#1006912: is it time to have account deletion in policy?
Next by Date: Bug#1006912: is it time to have account deletion in policy?
Previous by thread: MAIL SUPPORT
Next by thread: Someone Sent You Some Fle(s) Via packages.debian.org Doc Share
Index(es):
- Date
- Thread