Re: should not specify default group for users

To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: lsb-spec@lists.linuxbase.org
Subject: Re: should not specify default group for users
From: gk4@us.ibm.com
Date: Tue, 21 Mar 2000 12:20:27 -0600
Message-id: <[🔎] 852568A9.0065B818.00@d54mta08.raleigh.ibm.com>



>We should specific the numeric range as below 100. Putting my vendor hat
>on I can assure you that customers demand this already. having
accidentally
>strayed into the >=100 territory we got roasted for it and the customers
>expected us to keep system uids below 100. This kind of assumption is also
>compiled into tools like Apache (see suexec.c) and fits existing Unix
>standards.

The NASA Center for Computational Sciences (NCCS) recommends <= 999
reserved for sys admins.

http://sdcd.gsfc.nasa.gov/NCCS/policies/uidgid.html

Who's standard do we adopt?  Ninty-nine does not seem large enough for uid
growth.  What about the gid range?

The LSB's User & Group section currently states that "this specification
makes no attempt to numerically assign uid or gid numbers, nor try to
numericially group them.  The exception is the uid and gid for "root" which
are equal to 0, and the uid and gid for "bin" which are equal to 1.

In addition to your admin uid <= 99 proposal, should there be an admin
range for gids?

>As to the permissions problem. An administrator should be used to creating
>files with 077 netmask. The 022 netmasks and group read facilities are
>the legacies of a happy academic world that quite simply no longer exists.
>We can have that debate if you wish but I would submit whoever is correct
>documenting it in the standard in either form when both are allowed (which
>I think we agree must be the case) serves no purpose for people writing
>compliant applications.

"The default mask value is S_IWGRP|S_IWOTH (022, write access for the owner
only).  Child processes inherit the mask of the calling process."

http://dorifer.heim3.tu-clausthal.de/cgi-bin/man/umask.2.html

Being raised BSD in a SysV world, I've always assumed a umask of 022. :-)
Just because today's sys admin's are sloppy in their network filesystem
policies and procedures shouldn't change the utility of the group mask bit.
With regard to the LSB specification we should be narrowly focused on the
local filesystem and the POSIX APIs and not give much regard to NFS, AFS,
DFS, or LDAP ACLs.  We should be concerned about the affects umask has on
open, mkdir, chmod, and exec.  System admin's can do what ever they like;
however, there should be a default behavior (ie., 022).

George Kraft IV
gk4@us.ibm.com
512-838-2688; t/l 678-2688
IBM Linux Technology Center & Linux Standards

Reply to:

Follow-Ups:
- Re: should not specify default group for users
  - From: Alan Cox <alan@lxorguk.ukuu.org.uk>
- Re: should not specify default group for users
  - From: tytso@mit.edu
- Re: should not specify default group for users
  - From: tytso@MIT.EDU

Prev by Date: Re: should not specify default group for users
Next by Date: Re: should not specify default group for users
Previous by thread: Re: should not specify default group for users
Next by thread: Re: should not specify default group for users
Index(es):
- Date
- Thread