| 1 |
>>>>> On Mon, 09 Dec 2019, Michał Górny wrote: |
| 2 |
|
| 3 |
> My proposal would be to: |
| 4 |
|
| 5 |
> a. split the UID/GID range into 'high' (app) and 'low' (system) |
| 6 |
> assignments, 'high' being >=100 and 'low' <100 (matching Apache suEXEC |
| 7 |
> defaults), |
| 8 |
|
| 9 |
Good, but can we make these ranges more explicit please, like 100..499 |
| 10 |
for "high" and 0..99 for "low"? (But 100 is special too, I guess?) |
| 11 |
|
| 12 |
> b. UIDs/GIDs in the 'high' range can be taken arbitrarily |
| 13 |
> (recommending taking highest free), |
| 14 |
|
| 15 |
I'd say something like this: |
| 16 |
|
| 17 |
"b. UIDs/GIDs in the 'high' range can be taken arbitrarily and are |
| 18 |
assigned on a FCFS basis. IDs used upstream or by other distros can |
| 19 |
serve as a loose guideline. Otherwise, taking the highest free number |
| 20 |
in the range is recommended." |
| 21 |
|
| 22 |
> while in the 'low' range must be approved by QA, |
| 23 |
|
| 24 |
> c. no review requirement for the 'high' range, just choose your |
| 25 |
> UID/GID straight of uid-gid.txt and commit it, |
| 26 |
|
| 27 |
> d. strong recommendation to use matching UID/GID for the same |
| 28 |
> user/group name. |
| 29 |
|
| 30 |
Ulrich |
Archives