Re: Static UIDs and GIDs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2013-04-12 at 08:28 -0700, Toshio Kuratomi wrote:
> On Fri, Apr 12, 2013 at 09:24:09AM +0200, Ondrej Vasik wrote:
> > On Thu, 2013-04-11 at 11:57 -0700, Toshio Kuratomi wrote:
> > > * New FPC members who might be able to either come up with something
> > >   different or would vote differently on this
> > > * The 1000SystemAccounts[1]_ Feature of F16 has expanded the range of static
> > >   system accounts.  However, the range is still miniscule -- we only have
> > >   from 0 to 200 and according to /usr/share/doc/setup-2.8.67/uidgid
> > >   approximately 160 of those have already been allocated
> > 
> > Just small corrections here - only 118 uids and 144 gids are reserved so
> > far. You probably did just `cat uidgid | wc -l` - which is not telling
> > you the real numbers.
> > 
> Actually, your numbers don't tell the whole story either.  I looked at the
> uidgid file and saw that current practice (apparently, even when we had hit
> the 100 limit and theoretically our only option would have been to fill
> these gaps in the sub-100 range unless the static uids that were allocated
> pre-1000SystemAccounts were then changed afterwards... which I assume didn't
> happen since it would make them non-static) and saw that when a service
> received only a uid it blocked the gid that it was paired with and the same
> for gid.  For instance: quaggavt uses only gid 85 but not thee uid.  sabayon
> uses uid 86 and gid 86 instead of uid 85 gid 86.

This is not true, gaps are used multiple times. Still gids are more
problem than uids - so in the <100 range, there are some free uids (78
reserved bellow 100), but no gids.

> So as current policy it looks like (wc -l uidgid) - 3 (for the headers and
> footers) is a better estimate than looking at the actual number of allocated
> uids and gids.

Well, "wc -l uidgid -3" (which means 159) is not better estimate. if you
actually really look into the uidgid file, you can see there are
multiple reservations where uid and gid with same number are on multiple
lines (because of different name like vdsm / kvm - 36, tape/amandabackup
33, sync/tty 5 and some others ). So the 118 uids and 145 gids is
definitely is giving better overview what's available - but especially
in the range 101-110, there are quite high possibility of conflicts
(therefore the 107 is the lowest, and it caused the troubles mentioned
in the bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=924501 ). 

It doesn't matter that much, so let's stay with ~50 unreserved static
gids left in the range 0-200 - uids are not that big issue...

Greetings,
          Ondrej

--
packaging mailing list
packaging@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/packaging





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite Forum]     [KDE Users]

  Powered by Linux