Grant Goodyear <g2boojum@g.o> writes:
> Paul de Vrieze <pauldv@g.o> writes:
> > In principle packages should never depend on any fixed user id. They
> > should look at the passwd database for their uid. The only exception
> > is root which has a predefined userid.
> I believe that Mr. Lesser is asking how one decides on uid/gid's for
> new packages that should run as something other than root.

Exactly.

> Unfortunately, we don't have a good answer to that question just yet.
> The plan is to generate a table of already-taken uid/gid numbers
> ... My best suggestion at the moment is to see what numbers debian is
> using for your package, check to see if they conflict with anything we
> have (take a look at the above "database" as well as the passwd and
> group files at
> http://cvs.gentoo.org/cgi-bin/viewcvs.cgi/gentoo-src/rc-scripts/etc/),
> and go from there.

And there are the problems:

1. Several uid's/gid's differ from other distris (debian i.e. assigns
31/32 for postgres, gentoo uses 70/70 for postgres but 31/31 for
squid, so having both distris on different hosts leads to really
'funny' results if you also use a central user repository or try to
merge both passwd-files, see 3.)

If you have access to a running debian system look at
/usr/share/base-passwd/passwd.master

2. In /etc/passwd from baselayout there are several users predefined
which are really unnecessary on many systems. Why do I need a user
games? Or squid on a host which never runs a proxy or another proxy
like oops? Etc.

3. If one runs openldap for authentication and nss one doesn't want to
maintain two sources of uid/gid's which - if you run different
distris - may conflict in an odd way.

IMO a clearer approach could be:

1. The predefined entries in /etc/passwd should be reduced to exactly 1
entry for root, all other (system-)users could be created dynamically
by the ebuilds without assigning a fixed uid/gid.

2. The current ebuilds which assign _fixed_ uids/gids could be fixed so
they don't use the appropriate useradd/groupadd options any longer.

I don't see any benefits of developing and/or maintaining a predefined
/etc/passwd with more than exactly one entry for root.

Just my 0.02$

Martin

--
gentoo-dev@g.o mailing list
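The uid clash described in problem 1 can be checked for before two passwd files are merged or accounts are moved into a central directory. The following is an added example, not part of the original message: it parses two passwd files and reports uids that name different accounts and accounts whose uid differs. The sample entries are constructed; only the postgres and squid uid/gid numbers are taken from the message.

```python
# Constructed sample entries: only the postgres and squid uid/gid numbers
# come from the message above; every other field is a placeholder.
DEBIAN_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
postgres:x:31:32:postgres:/var/lib/postgres:/bin/sh
"""
GENTOO_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
postgres:x:70:70:postgres:/var/lib/postgresql:/bin/bash
squid:x:31:31:squid:/var/cache/squid:/bin/false
"""


def parse_passwd(text):
    """Return {name: (uid, gid)} from passwd(5)-formatted text."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip blanks, comments, malformed lines and NIS "+"/"-" entries.
        if len(fields) < 4 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue
        entries[fields[0]] = (int(fields[2]), int(fields[3]))
    return entries


def find_conflicts(a, b):
    """Return (uid_collisions, name_mismatches) for two parsed files."""
    # collisions: (uid, name_in_a, name_in_b); mismatches: (name, uid_a, uid_b)
    collisions = sorted(
        (uid_a, name_a, name_b)
        for name_a, (uid_a, _) in a.items()
        for name_b, (uid_b, _) in b.items()
        if uid_a == uid_b and name_a != name_b
    )
    mismatches = sorted(
        (name, a[name][0], b[name][0])
        for name in a.keys() & b.keys()
        if a[name][0] != b[name][0]
    )
    return collisions, mismatches


if __name__ == "__main__":
    collisions, mismatches = find_conflicts(
        parse_passwd(DEBIAN_PASSWD), parse_passwd(GENTOO_PASSWD))
    for uid, name_a, name_b in collisions:
        print(f"uid {uid}: {name_a} in first file, {name_b} in second")
    for name, uid_a, uid_b in mismatches:
        print(f"{name}: uid {uid_a} in first file, {uid_b} in second")
```

A uid collision means files owned by one service on the first host appear owned by a different service on the second when both resolve names from a shared source; the same comparison applies to gids and /etc/group.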