Re: Fedora User Management (revisited)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Mar 08, 2007 at 09:48:29AM -0500, Simo Sorce wrote:
> On Tue, 2007-03-06 at 15:34 -0500, Matthew Miller wrote:
> > On Tue, Mar 06, 2007 at 09:28:46PM +0100, Nicolas Mailhot wrote:
> > > >  It only 
> > > > solves a few rare use cases and it's causing real problems.  
> > > If you call "rare use cases" every server that didn't snatch a sub-100
> > > uid while there where some room left
> > 
> > To be clear, I'm only in favor of getting rid of it if some other way of
> > rationally assigning fixed user ids is phased in.
> 
> 
> Sorry to jump in in the middle of the discussion, but I really don't get
> why you should have fixed uids.
> Sure 1-100 is a too tiny space, Fedora should probably begin to reserve
> 1-1000 or maybe 1-10000 for "system/packages" uids.
> You can't fix the size problem switching from dynamic to fixed uids so I
> don't see the point.

FWIW we do have reserved space of up to 499. It's just that we call
the first 100 fixed and the rest is randomly assigned (in a sequential
bottom-to-top order).

Note that there is an ancient discussion/bugzilla about having useradd
-r assing from top to bottom. That would be a first step in allowing
to lift the crossover line from fixed to non-fixed system accounts
from say 100 to 150 or 200 after some transition time (counted in
years probably).

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190523#c4:

| And if /usr/share/doc/setup-*/uidgids reserves a new slot in the
| future it is very likely that useradd -r will already have a
| dynamical user from another package sitting on it. E.g. the setup is
| not future-proof.
| 
| So in order to not let this conflict happen neither with outsynced
| packages vs /usr/share/doc/setup-*/uidgids or any futrure new static
| uids/gids it makes sense to have useradd -r reserve dynamic
| udis/gids from the top of the available range. We do have ~400
| uids/gids reserved for dynamical assignment and starting at 100 is
| asking for trouble now that the first 100 static id have been
| assigned. Alternatively you could raise the starting uid/gid bar
| from 100 to 150 or 200, but starting at the top and eating through
| to the bottom is better IMHO.

-- 
Axel.Thimm at ATrpms.net

Attachment: pgpTLlRJq43j3.pgp
Description: PGP signature

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers
--
Fedora-maintainers-readonly mailing list
Fedora-maintainers-readonly@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly

[Index of Archives]     [Fedora Users]     [Fedora Development]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux