[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Chapter 15. Users & Groups: mininal UID for normal Users

Previously Johannes Poehlmann wrote:
> Here are some observed values: (Please add yours for Systems not listed yet)

Debian info below. I think we can drop the 30000-59999 reservation, I
don't see why we need that one.

          Globally allocated by the Debian project, the same on every
          Debian system.  These ids will appear in the `passwd' and `group'
          files of all Debian systems, new ids in this range being added
          automatically as the `base-passwd' package is updated.

          Packages which need a single statically allocated uid or gid
          should use one of these; their maintainers should ask the
          `base-passwd' maintainer for ids.

          Dynamically allocated system users and groups.  Packages which
          need a user or group, but can have this user or group allocated
          dynamically and differently on each system, should use ``adduser
          --system'' to create the group and/or user.  `adduser' will check
          for the existence of the user or group, and if necessary choose
          an unused id based on the ranged specified in `adduser.conf'.

          Dynamically allocated user accounts.  By default `adduser' will
          choose UIDs and GIDs for user accounts in this range, though
          `adduser.conf' may be used to modify this behavior.


          Globally allocated by the Debian project, but only created on
          demand.  The ids are allocated centrally and statically, but the
          actual accounts are only created on users' systems on demand.

          These ids are for packages which are obscure or which require
          many statically-allocated ids.  These packages should check for
          and create the accounts in `/etc/passwd' or `/etc/group' (using
          `adduser' if it has this facility) if necessary.  Packages which
          are likely to require further allocations should have a `hole'
          left after them in the allocation, to give them room to grow.


          User ``nobody'.'

          `(uid_t)(-1) == (gid_t)(-1)'.  NOT TO BE USED, because it is the
          error return sentinel value.


 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichert@cistron.nl                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Reply to: