On Thu, Feb 25, 2010 at 7:08 PM, Allan McRae <[email protected]> wrote:
> On 23/02/10 15:06, Allan McRae wrote:
>>
>> On 23/02/10 04:49, Roman Kyrylych wrote:
>>>
>>> On Mon, Feb 22, 2010 at 17:19, Allan McRae<[email protected]> wrote:
>>>>
>>>> Hi,
>>>>
>>>> At the moment, groupadd always creates system groups with GID=99.
>>>> (http://bugs.archlinux.org/task/16092).
>>>>
>>>> We can fix this by adding something quite standard like:
>>>> SYS_UID_MIN = 100
>>>> SYS_GID_MIN = 100
>>>> SYS_UID_MAX = 999
>>>> SYS_GID_MAX = 999
>>>> in /etc/login.defs
>>>>
>>>> But this will lead to possible issues with packages using fixed
>>>> GID >= 100. e.g. I could create a bunch of system groups and then
>>>> install a package which has predetermined that an already used
>>>> group ID is for it.
>>>>
>>>> There are two possible solutions:
>>>> 1) Set SYS_{U,G}ID_MIN to (e.g.) 500 and have all packages use
>>>> numbers below 500.
>>>> 2) Have the packages create a group without a specified ID. Anything
>>>> requiring a fixed group ID at compile time (e.g. mailman) must use a
>>>> number < 100.
>>>>
>>>> I am in favour of #2 (slightly) as it seems the better solution, but #1
>>>> would only require shadow to be fixed and no rebuilds for other packages
>>>> (the number of rebuilds for #2 would be very small). Opinions?
>>>
>>> I prefer #2 too, but there is a problem: the space of GID < 100 is
>>> crowded, and some packages (e.g. gdm) switched to not using fixed
>>> GIDs due to this.
>>> UIDs up to 1000 are reserved for system purposes,
>>> would be nice to increase the number of reserved GIDs too.
>>
>> This reserves GID < 1000 for system use, but only GID < 100 are "fixed".
>> The rest are assigned dynamically. Do we really need more fixed GIDs?
>> Most packages requiring a new group can have group ID generated on
>> install. Anyone know what other distros do here?
>
> Any other opinions on this?
>
> The packages that create groups > 100 that would require a rebuild for
> option #1 are:

I like the idea of increasing the *ID_MIN (option #1), but don't other distros use 1000 for system groups?
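
The collision discussed in this thread (a package hard-coding a GID that is already taken, or that sits inside the range assigned dynamically to system groups) can be audited before installing. This is an added example, not part of the thread: the file contents, the `pkg-a`/`pkg-b`/`exampled` names and every GID are constructed samples, and the settings use the whitespace-separated `KEY value` syntax of login.defs.

```python
import re

# Constructed sample inputs (not taken from any real system).
LOGIN_DEFS = """\
# range used for dynamically assigned system groups
SYS_GID_MIN   100
SYS_GID_MAX   999
"""
GROUP_FILE = """\
root:x:0:root
mail:x:12:
exampled:x:100:
"""
# Packages and the fixed GIDs they expect; all GID values here are constructed.
FIXED_GIDS = {"mailman": 80, "pkg-a": 100, "pkg-b": 250}

def parse_login_defs(text):
    """Return the integer settings from login.defs-style text."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Z_]+)\s+(\d+)\s*(?:#.*)?$", line)
        if m:
            settings[m.group(1)] = int(m.group(2))
    return settings

def parse_group(text):
    """Map GID -> group name from /etc/group-style text."""
    groups = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            groups[int(fields[2])] = fields[0]
    return groups

def audit_fixed_gids(login_defs, group_file, fixed):
    """Return {package: problem} for fixed GIDs that can collide."""
    cfg = parse_login_defs(login_defs)
    lo, hi = cfg["SYS_GID_MIN"], cfg["SYS_GID_MAX"]
    used = parse_group(group_file)
    problems = {}
    for pkg, gid in sorted(fixed.items()):
        owner = used.get(gid)
        if owner is not None and owner != pkg:
            problems[pkg] = f"GID {gid} already used by group '{owner}'"
        elif lo <= gid <= hi:
            problems[pkg] = f"GID {gid} is inside dynamic range {lo}-{hi}"
    return problems

if __name__ == "__main__":
    for pkg, why in audit_fixed_gids(LOGIN_DEFS, GROUP_FILE, FIXED_GIDS).items():
        print(f"{pkg}: {why}")
```

Raising `SYS_GID_MIN` to 500 in the sample clears the `pkg-b` finding but not `pkg-a`, whose GID is already held by a group created earlier.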

