Static system level uid/gid's reservations in Fedora/RHEL - how to handle situation?

Ondřej Vašík ovasik at redhat.com
Tue Apr 28 07:04:25 UTC 2009


Hello,
at the moment static system level uid/gid's are handled by the setup package
and the /usr/share/doc/setup-*/uidgid file. There is a threshold of system
uid/gid's - it's uid/gid 100. Another way to make a "static" uid/gid
reservation is http://fedoraproject.org/wiki/PackageUserRegistry ...
usable only for Fedora and only semi-static (as the base id could be easily
changed).
As we are running out of free uid/gid's in the uidgid reservation file
(no free gid's in fact at the moment), it has to be solved somehow...
there are quite often requests for uidgid reservations as it increases
security in many cases...

What's the best way to handle that situation? One possibility is to
increase the threshold of system level id's (to 200? 300?), another is
to check current reservations and clean up long-term unused reservations (I
doubt there are many such cases, so it's only a temporary solution). Another
could be sharing groups (as static uid's are still available), but
that's not always a good solution.

Any other ideas or some preferred solution?

Greetings,
         Ondřej Vašík