Re: UID_MIN & GID_MIN changed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2011-05-24 at 08:25 -0700, Toshio Kuratomi wrote:
> On Tue, May 24, 2011 at 1:59 AM, Peter Vrabec <pvrabec@xxxxxxxxxx> wrote:
> > Hi all,
> >
> > I'd like to inform you that I have changed UID_MIN & GID_MIN from 500 to 1000
> > in upgraded shadow-utils.
> >
> > Where?
> > /etc/login.defs.
> > shadow-utils-4.1.4.3-1.fc16
> >
> > I suppose UID/GID_MIN=1000 is more common(other distros, upstream). We are not
> > in situation that 500 IDs for system accounts ought to be enough for anybody.
> > Actually, it was not 500.It was 299 because range 0-200 is for reserved IDs.
> > There are 799 non reserved IDs for system accounts available after this
> > change.
> >
> This change should be made as a Feature for F16 and needs some
> thought/coordination put behind it.  There's several issues that I
> see:
> 
> * AFAIK, we actually have not run into the 500 uid limit yet (although
> it is a bit low to be comfortable)
> *  AFAIK, we've only allocated the range 0-100 for reserved IDs.
> * The 0-100 reserved IDs are actually the pain point that we need to
> deal with, not the dynamic system ids in the 101-499 range.
> * We don't know how many, if any IDs this actually gets us for the
> dynamic range because any site that has already filled the 500-1000
> UID range won't gain any extra dynamic system account through this
> change.
> * This could potentially break sites that are currently using the
> 500-1000 UID range and rely on the order of allocation of UIDs for
> their users on new machines matching with the UIDs on old machines.
> (For instance, NFS UIDs on filesystems matching between a box
> installed with RHEL5 and a box that gets newly installed with F16).

You need to force UIDs in that case anyway, and if you are not using
something like NIS or LDAP then you have to mange that manually anyways,
so I wouldn't make that a stopper for this very welcome change.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux