Fedora User Management (revisited)

Axel Thimm Axel.Thimm at ATrpms.net
Thu Mar 8 16:00:03 UTC 2007


On Thu, Mar 08, 2007 at 09:48:29AM -0500, Simo Sorce wrote:
> On Tue, 2007-03-06 at 15:34 -0500, Matthew Miller wrote:
> > On Tue, Mar 06, 2007 at 09:28:46PM +0100, Nicolas Mailhot wrote:
> > > >  It only 
> > > > solves a few rare use cases and it's causing real problems.  
> > > If you call "rare use cases" every server that didn't snatch a sub-100
> > > uid while there was some room left
> > 
> > To be clear, I'm only in favor of getting rid of it if some other way of
> > rationally assigning fixed user ids is phased in.
> 
> 
> Sorry to jump in in the middle of the discussion, but I really don't get
> why you should have fixed uids.
> Sure 1-100 is a too tiny space, Fedora should probably begin to reserve
> 1-1000 or maybe 1-10000 for "system/packages" uids.
> You can't fix the size problem switching from dynamic to fixed uids so I
> don't see the point.

FWIW we do have reserved space of up to 499. It's just that we call
the first 100 fixed and the rest is randomly assigned (in a sequential
bottom-to-top order).

Note that there is an ancient discussion/bugzilla about having useradd
-r assign from top to bottom. That would be a first step in allowing
to lift the crossover line from fixed to non-fixed system accounts
from say 100 to 150 or 200 after some transition time (counted in
years probably).

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190523#c4:

| And if /usr/share/doc/setup-*/uidgids reserves a new slot in the
| future it is very likely that useradd -r will already have a
| dynamical user from another package sitting on it. E.g. the setup is
| not future-proof.
| 
| So in order to not let this conflict happen neither with outsynced
| packages vs /usr/share/doc/setup-*/uidgids or any future new static
| uids/gids it makes sense to have useradd -r reserve dynamic
| uids/gids from the top of the available range. We do have ~400
| uids/gids reserved for dynamical assignment and starting at 100 is
| asking for trouble now that the first 100 static ids have been
| assigned. Alternatively you could raise the starting uid/gid bar
| from 100 to 150 or 200, but starting at the top and eating through
| to the bottom is better IMHO.

-- 
Axel.Thimm at ATrpms.net
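
Added example, not part of the original message and not Fedora's or useradd's code: a small simulation of bottom-up versus top-down assignment in the 100-499 range, plus a check that lists existing accounts that would collide if the static line were raised. Account names, the sample passwd text and all function names are constructed for illustration.

```python
# Added illustration; names such as svc_a are constructed, not real packages.
STATIC_MAX = 99    # "the first 100" IDs are fixed (from the message)
SYSTEM_MAX = 499   # reserved system space "up to 499" (from the message)

def allocate(used, top_down, lo=STATIC_MAX + 1, hi=SYSTEM_MAX):
    """Return the next free dynamic system UID in [lo, hi]."""
    order = range(hi, lo - 1, -1) if top_down else range(lo, hi + 1)
    for uid in order:
        if uid not in used:
            return uid
    raise RuntimeError("dynamic system UID range exhausted")

def install(packages, top_down):
    """Simulate each package creating one system account, in order."""
    table = {}
    for name in packages:
        table[name] = allocate(set(table.values()), top_down)
    return table

def system_accounts(passwd_text):
    """Parse passwd(5)-format text into {name: uid} for dynamic system UIDs."""
    found = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # skip blank, comment or malformed lines
        uid = int(fields[2])
        if STATIC_MAX < uid <= SYSTEM_MAX:
            found[fields[0]] = uid
    return found

def conflicts(table, new_static_max):
    """Accounts whose UID would land inside a raised static range."""
    return sorted(n for n, u in table.items() if STATIC_MAX < u <= new_static_max)

# Constructed sample in passwd(5) format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
svc_a:x:100:101::/var/lib/svc_a:/sbin/nologin
svc_b:x:498:498::/:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
"""

if __name__ == "__main__":
    pkgs = ["svc_a", "svc_b", "svc_c"]
    for top_down in (False, True):
        table = install(pkgs, top_down)
        print("top-down" if top_down else "bottom-up", table, "conflicts at 149:", conflicts(table, 149))
    print("audit, static line raised to 199:", conflicts(system_accounts(SAMPLE_PASSWD), 199))
```

A conflicting account matters because files already owned by its numeric UID would become owned by whichever package later receives that UID as a static assignment.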