| 1 |
Grant Goodyear <g2boojum@g.o> writes: |
| 2 |
> Paul de Vrieze <pauldv@g.o> writes: |
| 3 |
> > In principle packages should never depend on any fixed user id. They |
| 4 |
> > should look at the passwd database for their uid. The only exception |
| 5 |
> > is root which has a predefined userid. |
| 6 |
> I believe that Mr. Lesser is asking how one decides on uid/gid's for |
| 7 |
> new packages that should run as something other than root. |
| 8 |
|
| 9 |
Exactly. |
| 10 |
|
| 11 |
> Unfortunately, we don't have a good answer to that question just yet. |
| 12 |
> The plan is to generate a table of already-taken uid/gid numbers |
| 13 |
> ... My best suggestion at the moment is to see what numbers debian is |
| 14 |
> using for your package, check to see if they conflict with anything we |
| 15 |
> have (take a look at the above "database" as well as the passwd and |
| 16 |
> group files at |
| 17 |
> http://cvs.gentoo.org/cgi-bin/viewcvs.cgi/gentoo-src/rc-scripts/etc/), |
| 18 |
> and go from there. |
| 19 |
|
| 20 |
And there are the problems: |
| 21 |
|
| 22 |
1. Several uid's/gid's differ from other distris (debian i.e. assigns |
| 23 |
31/32 for postgres, gentoo uses 70/70 for postgres but 31/31 for |
| 24 |
squid, so having both distris on different hosts leads to really |
| 25 |
'funny' results if you also use a central user repository or try to |
| 26 |
merge both passwd-files, see 3.) |
| 27 |
|
| 28 |
If you have a access to a running debian system look at |
| 29 |
/usr/share/base-passwd/passwd.master |
| 30 |
|
| 31 |
2. In /etc/passwd from baselayout there are several users predefined |
| 32 |
which are really unnecessary on many systems. Why do I need a user |
| 33 |
games? Or squid on a host which never runs a proxy or another proxy |
| 34 |
like oops? Etc. |
| 35 |
|
| 36 |
3. If one runs openldap for authentification and nss one don't want to |
| 37 |
maintain two sources of uid/gid's which - if you run different |
| 38 |
distris - may conflict in an odd way. |
| 39 |
|
| 40 |
IMO a clearer approach could be: |
| 41 |
|
| 42 |
1. The predefined entries in /etc/passwd should be reduced to exactly 1 |
| 43 |
entry for root, all other (system-)users could be created dynamicly |
| 44 |
by the ebuilds without assigning a fixed uid/gid. |
| 45 |
|
| 46 |
2. The current ebuilds which assign _fixed_ uids/gids could be fixed so |
| 47 |
they don't use the appropriate useradd/groupadd options any longer. |
| 48 |
|
| 49 |
I don't see any benefits of developing and/or maintaining a predefined |
| 50 |
/etc/passwd with more than exactly one entry for root. |
| 51 |
|
| 52 |
Just my 0.02$ |
| 53 |
|
| 54 |
Martin |
| 55 |
|
| 56 |
-- |
| 57 |
gentoo-dev@g.o mailing list |
Archives