Bug#1006976: what about dynamically allocated groups?
Package: debian-policy
Version: 4.6.0.1
Severity: minor
Hi,
9.2.2 distinguishes between
100-999:
Dynamically allocated system users and groups.
and
1000-59999:
Dynamically allocated user accounts.
This wording is a bit confusing, but this is probably caused by the
ambiguity between users and accounts. I am also astonished that the
1000-59999 GIDs are not mentioned in policy, or is a group also a very
special kind of account? Probably yes, at least that's what groupadd's
docs say. So the easiest way to solve this and to be consistent with
passwd/shadow would be:
How about:
100-999:
Dynamically allocated system user and system group accounts.
Packages which need a user or group, but can have them and their
UID/GIDs allocated dynamically and differently on each system, should
use "adduser --system" or "addgroup --system" to create them as
needed. These tools will check for the existence of the user or
group, and if necessary choose an unused id based on the ranges
specified in "adduser.conf".
1000-59999:
Dynamically allocated user and group accounts. By default "adduser"
and "addgroup" will choose UIDs and GIDs for user and group accounts
in this range, though "adduser.conf" may be used to modify this
behavior.
Greetings
Marc
Reply to: