On Thu 18 Jan 2024 at 07:31:05 (-0500), Greg Wooledge wrote:
> On Thu, Jan 18, 2024 at 05:38:37AM -0000, David Chmelik wrote:
> > Couldn't Debian standardize uid:gid numbers for daemons?
> 
> The thing is, Debian has tens of thousands of packages, and any one
> of these packages is capable of creating new UIDs and/or GIDs if it
> feels like doing so.  There is no centralized place where all of the
> possible UIDs and GIDs are registered.  It's all ad hoc.
> 
> If a centralized UID/GID registry were to be created, the following
> results would occur:

Debian does have four very small ID registries; two are in
base-passwd: /usr/share/base-passwd/{passwd,group}.master.¹
At a purely local level, what would be the consequences of
extending those files to cover all the expected UID/GIDs on
a network of pet PCs (as opposed to cattle)? Obviously this
would have to be done at the earliest opportunity.

>  * Every package that creates one would have to be updated in a
>    non-trivial manner.  By its maintainer.  Thousands of separate
>    maintainers.  A cat-herd of Debian developers, who do this work
>    in their spare time, as they get around to it.

A local sysadmin might try wrapping adduser/useradd, or whatever,
to insert/override choices. Or else new packages would have to be
examined before their installation, and UID/GIDs added manually.

>  * Every obscure, niche package's users and groups would have to be
>    added to every Debian system. [ … ]
>  * Did I mention that every Debian system in existence would have to
>    have ALL of its users and groups redone? [ … ]
>  * This change would have to be made by a human being running a
>    conversion script as root in single-user mode, [ … ]
> 
> This is one of those "the boat has already left the dock" situations.
> If this were going to happen, it would have to have happened in the
> early 1990s.  There is no feasible way to make it happen now.

Agreed, for any sort of Debian or non-local reconfiguration.

¹ There are some reserved high IDs documented in the README, which
  are set when the relevant packages are installed.

Cheers,
David.
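
An added example, not part of the original message: one way a local admin could audit a host against a locally extended, passwd(5)-format ID registry of the kind discussed above. The function names, the registry file and the sample entries are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# check_ids REGISTRY HOSTFILE
# Both files use the passwd(5) layout (name:password:id:...). group(5) also
# keeps the name in field 1 and the GID in field 3, so group files work too.
# Prints one line per disagreement and returns 1 if any were found.
check_ids() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        FILENAME == ARGV[1] {                # first file: the local registry
            reg_id[$1] = $3; reg_name[$3] = $1
            next
        }
        ($1 in reg_id) && reg_id[$1] != $3 { # same name, different number
            printf "MISMATCH %s: registry id %s, host id %s\n", $1, reg_id[$1], $3
            bad = 1; next
        }
        ($3 in reg_name) && reg_name[$3] != $1 { # number already reserved
            printf "COLLISION id %s: registry says %s, host has %s\n", $3, reg_name[$3], $1
            bad = 1; next
        }
        !($1 in reg_id) {                    # account the registry never saw
            printf "UNREGISTERED %s: id %s not in registry\n", $1, $3
            bad = 1
        }
        END { exit bad }
    ' "$1" "$2"
}

# Constructed sample data: a small registry and one host passwd file.
demo_check() {
    d=$(mktemp -d) || return 2
    cat > "$d/registry" <<'EOF'
# local registry (constructed sample)
postfix:*:120:120::/var/spool/postfix:/usr/sbin/nologin
ntpsec:*:121:121::/nonexistent:/usr/sbin/nologin
EOF
    cat > "$d/passwd" <<'EOF'
postfix:x:120:120::/var/spool/postfix:/usr/sbin/nologin
ntpsec:x:113:121::/nonexistent:/usr/sbin/nologin
tcpdump:x:121:125::/nonexistent:/usr/sbin/nologin
avahi:x:130:130::/run/avahi-daemon:/usr/sbin/nologin
EOF
    check_ids "$d/registry" "$d/passwd"; rc=$?
    rm -rf "$d"
    return "$rc"
}

[ "${1:-}" != --demo ] || demo_check
```

Run it with `--demo` to see the three kinds of finding; each one marks an account whose files would change owner if moved or exported to a host that follows the registry.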
