Hi Michael, On Fri, Aug 10, 2018 at 08:23:38AM +0200, Michael Biebl wrote: > Currently, DynamicUser gets a uid from within the following range: > 61184 - 65519. Those values can be configured during build time via > -Ddynamic-uid-min= and -Ddynamic-uid-max. > > The debian policy has a section about uids and gids: > https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes
Thank you for thinking of this. Your attention to detail is much appreciated. I also like your way of openly communicating problems by filing bugs against your own packages. > There is also: > 65536-4294967293: > Dynamically allocated user accounts. By default adduser will not > allocate UIDs and GIDs in this range, to ease compatibility with legacy > systems where uid_t is still 16 bits. That's not exactly correct. While adduser will not pick from this range for regular user ids, it will pick for "subuids" (see /etc/subuid and man newuidmap). Doing so is necessary for practically using user namespaces (a feature that is disabled in Debian kernels by default). > I'm not sure if it would be more suitable to pick the DynamicUser ids > from this range. So I think the answer here is "no" as those allocations have happened on user systems already. As far as I can see, the only reasonable thing to do here is to allocate a range specifically for systemd in the Debian policy. > CCing Sean to get his input as debian-policy maintainer. I actually propose that this bug is reassigned to debian-policy or that a clone of this bug is assigned to debian-policy, because it will need to change. Helmut

