| 1 |
>>>>> On Thu, 11 Nov 2021, James Cloos wrote: |
| 2 |
|
| 3 |
> gentoo definitely should not permit fixed use for installed packages |
| 4 |
> in the 500-600 range. |
| 5 |
|
| 6 |
> 500+ was for many, many years the start for users, and forcing anyone |
| 7 |
> to change decades-long use of particular uids or gods is not |
| 8 |
> acceptable. |
| 9 |
|
| 10 |
> really all of 101-499,701-999,60000-{nobody--} should be dynamic. |
| 11 |
|
| 12 |
> and 500-700 never touched by the distribution. |
| 13 |
|
| 14 |
I have a snapshot of a Gentoo system from 2004 (sys-apps/shadow-4.0.3-r9 |
| 15 |
and sys-apps/pam-login-3.14). Its login.defs has the following: |
| 16 |
|
| 17 |
# |
| 18 |
# Min/max values for automatic uid selection in useradd |
| 19 |
# |
| 20 |
UID_MIN 1000 |
| 21 |
UID_MAX 60000 |
| 22 |
|
| 23 |
I see the same values in sys-apps/shadow/files/login.defs for the first |
| 24 |
version of shadow in the tree (sys-apps/shadow-19990827-r1, committed on |
| 25 |
2000-08-02). |
| 26 |
|
| 27 |
So, I would conclude that Gentoo always used 1000 as minimum UID. |
| 28 |
|
| 29 |
We could of course leave a gap for now, and allocate only 600..799. |
| 30 |
This would leave the 500s for compatibility with very old systems. |
| 31 |
It would have the additional advantage that we get an earlier warning |
| 32 |
once the new range will be almost full. Even if we then allow IDs in the |
| 33 |
60000s range, we presumably should keep some reserves of low IDs for |
| 34 |
packages that really need them to be there. |
| 35 |
|
| 36 |
Ulrich |
Archives