On 05/25/2011 12:30 AM, Dennis Gilmore wrote: > On Tuesday, May 24, 2011 10:25:44 AM Toshio Kuratomi wrote: >> On Tue, May 24, 2011 at 1:59 AM, Peter Vrabec<pvrabec@xxxxxxxxxx> wrote: >>> Hi all, >>> >>> I'd like to inform you that I have changed UID_MIN& GID_MIN from 500 to >>> 1000 in upgraded shadow-utils. >>> >>> Where? >>> /etc/login.defs. >>> shadow-utils-4.1.4.3-1.fc16 >>> >>> I suppose UID/GID_MIN=1000 is more common(other distros, upstream). We >>> are not in situation that 500 IDs for system accounts ought to be enough >>> for anybody. Actually, it was not 500.It was 299 because range 0-200 is >>> for reserved IDs. There are 799 non reserved IDs for system accounts >>> available after this change. >> This change should be made as a Feature for F16 and needs some >> thought/coordination put behind it. There's several issues that I >> see: >> >> * AFAIK, we actually have not run into the 500 uid limit yet (although >> it is a bit low to be comfortable) >> * AFAIK, we've only allocated the range 0-100 for reserved IDs. >> * The 0-100 reserved IDs are actually the pain point that we need to >> deal with, not the dynamic system ids in the 101-499 range. >> * We don't know how many, if any IDs this actually gets us for the >> dynamic range because any site that has already filled the 500-1000 >> UID range won't gain any extra dynamic system account through this >> change. >> * This could potentially break sites that are currently using the >> 500-1000 UID range and rely on the order of allocation of UIDs for >> their users on new machines matching with the UIDs on old machines. >> (For instance, NFS UIDs on filesystems matching between a box >> installed with RHEL5 and a box that gets newly installed with F16). >> >> -Toshio > Im with Toshio here there is potential pitfalls with many legacy systems. > there is also great potential that system ids from newer systems will clash > with legacy ids in ldap and nis setups, we really should make it a feature as > it really deserves to be widely anounced. not quietly on the list here where > it will likely get forgoten until users are bitten when they start deploying > f16 boxes. > > Dennis Agreed Is there a distro wide/*nix wide agreement on what and which range reserved/system IDs are supposed to be? If there is not a general consciousness regarding reserved/system IDs and what they are supposed to be there will always be the risk of colliding with ids on other distribution and *nix platforms. I recommend this be made a feature and the feature owners contact at least all major distributions and potentially other *nix platforms and distro/*nix wide consciousness be made and when this change is made that change would reflect the consciousness that was reached. JBG -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
