1 |
>>>>> On Mon, 09 Dec 2019, Michał Górny wrote: |
2 |
|
3 |
> My proposal would be to: |
4 |
|
5 |
> a. split the UID/GID range into 'high' (app) and 'low' (system) |
6 |
> assignments, 'high' being >=100 and 'low' <100 (matching Apache suEXEC |
7 |
> defaults), |
8 |
|
9 |
Good, but can we make these ranges more explicit please, like 100..499 |
10 |
for "high" and 0..99 for "low"? (But 100 is special too, I guess?) |
11 |
|
12 |
> b. UIDs/GIDs in the 'high' range can be taken arbitrarily |
13 |
> (recommending taking highest free), |
14 |
|
15 |
I'd say something like this: |
16 |
|
17 |
"b. UIDs/GIDs in the 'high' range can be taken arbitrarily and are |
18 |
assigned on a FCFS basis. IDs used upstream or by other distros can |
19 |
serve as a loose guideline. Otherwise, taking the highest free number |
20 |
in the range is recommended." |
21 |
|
22 |
> while in the 'low' range must be approved by QA, |
23 |
|
24 |
> c. no review requirement for the 'high' range, just choose your |
25 |
> UID/GID straight of uid-gid.txt and commit it, |
26 |
|
27 |
> d. strong recommendation to use matching UID/GID for the same |
28 |
> user/group name. |
29 |
|
30 |
Ulrich |