[Fedora-packaging] Re: User IDs in Core packages?

Thu Feb 1 14:06:06 UTC 2007

On Thu, Feb 01, 2007 at 03:57:59PM +0200, Sarantis Paskalis wrote:
> On Thu, Feb 01, 2007 at 02:28:31PM +0100, Axel Thimm wrote:
> > > Thanks for the pointer.  I didn't know its existence.  One issue 
> > > that arises now is whether a merge of 
> > > http://fedoraproject.org/wiki/PackageUserRegistry and this file
> > > (/usr/share/doc/setup-*/uidgid) is to be considered.
> > 
> > These are very different objects, the uidgid are fixed, absolute
> > uids/gids, while the wiki URL above is for the floating model of
> > adding uids/gids (e.g. there is some per-machine settable value that
> > is added).
> > 
> > Personally I strongly recommend against using the floating model,
> > because
> > 
> > a) the added base value is arbitrary
> > b) any change after the first install of the helper tool of this base
> >    value will break all previous installs using this method
> > c) it isn't transparent to the user (admin) that some upper part of
> >    his uid/gid space is reserved for this method, so he may be
> >    accidentially using it.
> 
> I understand that and I recall some heated exchange between proponents 
> of different models.  My impression was that this model was born because 
> it was impossible/very difficult to fix uidgids in core for extras 
> packages due to the division between core and extras,

I think that's not really the reason, it's just too few of them
available, e.g. just < 100 and all are used up.

> and that it would be preferable to maintain a fixed uidgid for all
> applications/programs that needed it.  My impression was also that
> those programs listed in the wiki actually wanted/needed a fixed
> uidgid, but could not get one because of this difficulty.
> 
> Now that there should be no distinction between core and extras, the 
> fixed uidgid possibility should become available to former extras 
> packages, starting from those that probably needed it most (the ones in 
> the wiki).

Indeed, but there are none left.

> That was my point really.  If my understanding of the situation was not 
> correct, please accept my apologies.

There are not enough fixed uids/gids left for merging in the floating
uids/gids. What really needs to be done is to reserve 100-500 to the
system uid/gid space, something not really possibly anymore for F7.

E.g. any reshuffling of uids/gids will happen post-F7 if at all, but
the good news is that the Core packages are already on the safe side
since they used the fixed area, so this is not blocking the merger in
any way.

Perhaps the new statistics gathering system should check for how many
systems have non-system users below 500. Hopefully very close to zero.
-- 
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-packaging/attachments/20070201/19d34e0a/attachment.sig>