[adelie-devel] Re: Location of reserved system user/group IDs?

From: Laurent Bercot <ska-adelie_at_skarnet.org>
Date: Fri, 29 Mar 2019 08:17:55 +0000

>> When trawling through the main repository I noticed there are spots
>> where GID/UID is set manually when creating a user, using the `-g` flag
>> to adduser.
>>
>> Do we have an up-to-date list of the reserved system user and group IDs?
>> Those packaging server software need to be able to find this document
>> easily so we don't run into UID conflicts. I searched the wiki and
>> browsed the main site but could not find it. I recall we had some sort
>> of document for this.
>
>
>This is something we do indeed sorely need. We do not have one yet.
>After the formalisation of projects, this should probably be a top priority.

Technical data point:

AIUI, the list of statically reserved uids/gids is available in the
packages source tree: system/adelie-base/{passwd,group}

Adding to those is impractical for users, as people upgrading from
beta1 to beta2 have noticed when s6 didn't work ootb for them: users
must check for /etc/{passwd,group}.apk-new files and merge them
manually, and if they don't, things break.

It is much more user-friendly to create appropriate uid/gids
dynamically, at package first installation time (which is why I
did so in later packages). We lose consistency of uid/gid numbering
across machines, but I don't think it's a big issue. I would advise
keeping the adelie-base /etc/{passwd,group} files as they are forever
(we could even make them smaller by e.g. removing the qmail users and
groups I added there) and always using .pre-install scripts to add
uid/gids as needed.


>One open question: should this list be maintained by the Platform Group,
>i.e. the core devs? Or should it be open to all committers?

  Another advantage of having a small, fixed static list is that it
can be maintained by the core devs without adding burden to them,
and committers can still create all the uids and gids they need for
proper privilege separation in the packages they add.

--
  Laurent
Received on Fri Mar 29 2019 - 08:19:37 UTC
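
The manual-merge hazard described in the message above (an unmerged /etc/{passwd,group}.apk-new leaving packages without the accounts they expect) can be checked for mechanically. The script below is an added example, not part of the original message or of Adelie's tooling; the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Adelie code. Reports what a pending passwd/group .apk-new
# would add or change relative to the live file (field 1 = name, field 3 = id).

# apknew_diff CURRENT NEW -> one line per difference on stdout
apknew_diff() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "cannot read $1 or $2" >&2; return 2; }
    awk -F: '
        $1 == "" || /^#/ { next }
        FILENAME == ARGV[1] { id_of[$1] = $3; name_of[$3] = $1; next }
        !($1 in id_of) {
            # An id already held by another account would silently share
            # privileges between the two, so flag it separately.
            if ($3 in name_of)
                printf "CONFLICT %s wants id %s, held by %s\n", $1, $3, name_of[$3]
            else
                printf "MISSING %s id %s\n", $1, $3
            next
        }
        id_of[$1] != $3 { printf "CHANGED %s id %s -> %s\n", $1, id_of[$1], $3 }
    ' "$1" "$2"
}

# apknew_audit [ETCDIR] -> 0 nothing to merge, 1 differences found, 2 error
apknew_audit() {
    etc=${1:-/etc} rc=0
    for db in passwd group; do
        [ -e "$etc/$db.apk-new" ] || continue
        out=$(apknew_diff "$etc/$db" "$etc/$db.apk-new") || return 2
        [ -z "$out" ] && continue
        printf '%s\n' "$out" | sed "s|^|$db: |"
        rc=1
    done
    return $rc
}

# Constructed sample data: the live passwd lacks two accounts the new file ships,
# and one of them asks for an id a local account already uses.
demo_dir=$(mktemp -d)
printf 'root:x:0:0::/root:/bin/sh\nlocaluser:x:90:90::/home/l:/bin/sh\n' \
    > "$demo_dir/passwd"
printf 'root:x:0:0::/root:/bin/sh\nsvc-a:x:90:90::/var/empty:/sbin/nologin\nsvc-b:x:91:91::/var/empty:/sbin/nologin\n' \
    > "$demo_dir/passwd.apk-new"
apknew_audit "$demo_dir" || true
rm -rf "$demo_dir"
```

Run `apknew_audit` with no argument after an upgrade to inspect the real /etc; it only reads the files and leaves the merge itself to the administrator.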
