package libnss-extrausers
severity 566399 wishlist
thanks
* Sascha Silbe <[email protected]> [100123
13:05]:
> libnss-extrausers tries to prevent "accidental" overwriting of "system users"
> by checking whether uid or gid are below 500.
> Not only is there a mismatch with both Debian policy (reserving
> 0-999+60000-64999+65534 for system accounts)
As the range to be protected against is a strict subset of the system
users range, one can easily decide which users to distribute and which
to not distribute by putting them into the protected area or outside the
protected area.
> This breaks in the quite common (though not default) case of
> USERGROUPS=no, USERS_GID=100
I know this only from very ancient setups (Because it disallows umask
002, which makes collaboration using groups very hard). And in most
of those setups it is not 100, but rather somethings like students=500,
staff=501,xyz=502 or things like that
> Please
> a) remove the GID check for passwd entries or at least special-case GID 100
> and
Special casing 100 feels a bit unabstract, but I guess it is a sensible
thing to do.
> b) add a way to disable these checks altogether (config file, second library,
> ... I don't care).
I do not really like the idea of an config file, because a configured
nss module is used by almost every program running. So even small
things done there give a big impact in the whole sum.
Doing a second library with just all restrictions removed sounds
like a nice idea, though.
Hochachtungsvoll,
Bernhard R. Link
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
