
RE: should not specify default group for users



Wichert Akkerman wrote:
>Previously Alan Cox wrote:
>> Customers want <100

>Sadly it seems that 99 uids won't be enough in the future, especially
>now that people are realizing that you should not run everything as
>daemon or nobody...

>Debian has reserved 100-999 for `dynamically allocated system users and
>groups', and we only put things in 0-99 that should always be present on
>a system. This has worked quite well for us.

>> Do we allocate a range very high in 32bit uid space as well ? Discuss
>>8)

>Debian has reserved the range 60000-64999 for packages that need static
>uids. (ie weird things like qmail which insist on setting a uid at
>compile-time). It's not used a lot though (qmail, fidogate, mysql and
>netplan only).    

The Debian method works really well, but it's a little too
"particular". I propose a little change.

We should really stay <100, keeping all the traditional UNIX id(s),
and then nobody, none and nogroup at 65534 65535 (id) and 65536 (gid).
This is traditional.

Other ids, like http or ftp, should stay between 60000 and 65999, but this
is distribution dependent, or even better sysadmin dependent.

Id 501 going on should be the first id for system
dynamically allocated users and groups.

The ids between 100 and 500 should just stay free, reserved for sysadmin
wishes.

About groups, every user should always be included in the users group, but he
basically could have his own group or be included in another restricted
users group, in front of what the sysadmin wants to do.

Luigi Genoni







