[Fedora-packaging] Re: Possible UsersAndGroupsDraft
Axel Thimm
Axel.Thimm at ATrpms.net
Fri Jun 15 07:38:05 UTC 2007
On Fri, Jun 15, 2007 at 07:47:42AM +0200, Ralf Corsepius wrote:
> Actually, I like Ville's proposal because of it's simplicity and don't
> see the potential security risk as critical, because user/group and
> uid/gid handling always will require admin intervention.
+++++
> The worst case probably is using a "last name is username" convention
> and your last name being "Root", "Mail" or "Windows" ;)
"Hi, my name is Gopher, why does my sysadmin not give me an account?" ;)
> > I think at least a check to see if the "amanda" user is < 1000 would
> > make a lot of sense.
>
> I think restricting all rpm-created uids to < a limit (the value is
> debatable) and presuming them to be local would be a reasonable
> compromise
Like Bill wrote, have useradd -r bail out if the uid is outside the
range.
But the range is fixed, 0-99 for static ids, 100-499 for dynamic ones,
500-... for users. If you touch this (e.g. extend to 1000) you break a
lot of stuff like user homes.
We may need to do so some day, but this is so invasive that we
probably need to make a case before the LSB get some preapproval that
they recognise the need and will consider this topic for the next
draft and then start making lots of heads-up noise to have sysadmins
make space there in time (e.g. move their users to another id range).
Since this is a lot of effort required from various players we really
should very carefully consider when and what to ask for (e.g. ask for
1000 when two years later it will be considered that 2000 would had
been better and redo the whole dance?).
But the current discussion is orthogonal to this. It is very good that
this information is encapsulated in useradd, so the packages need not
know anything. So whenever these ranges (if ever change) all packages
will not even need a rebuild.
I vote for Ville's draft with a plea to the useradd maintainer to make
useradd -r fail if the result is that the uid/gid is not in the system
range. And also have the %pre script miseably fail to wake up the
sysadmin ("Hugh, we have a user called Gopher?").
--
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-packaging/attachments/20070615/f9a13354/attachment.sig>
More information about the Fedora-packaging
mailing list