On Sat, Nov 11, 2006 at 10:05:05PM +0100, Simon L. Nielsen wrote: > On 2006.11.11 15:48:05 -0500, Kris Kennaway wrote: > > On Sat, Nov 11, 2006 at 09:37:31PM +0100, Simon L. Nielsen wrote: > > > On 2006.11.11 21:12:09 +0200, Dmitry Pryanishnikov wrote: > > > > > > > I don't like the current behaviour of the net/isc-dhcp3-server port > > > > of creating 'dhcpd' user and group using dynamic allocation instead of > > > > having static one (as specified in /usr/ports/{U,G}IDs). I like the idea > > > > of [ug]id ranges, and dynamic allocation doesn't keep within this idea > > > > (ids of users and daemons get mixed). Is there specific reason why there > > > > is no static [ug]id for net/isc-dhcp3-server? > > > > > > Personally I have it precisely the other way around - I find the > > > static allocations rather annoying since they are bound to collide > > > with existing UID's at some point. > > > > > > IMO the optimal solution would be to have some magic which auto > > > assigns ports/system UID/GID's from different ranges that normal > > > users. > > > > Just so :) > > > > UIDs below 1000 are (and have been for many years) allocated to the > > "system" (ports/src), and are not supposed to be allocated by > > administrators. This at least works out of the box with some of the > > tools we have for allocating new users, so are you aware of any that > > don't do this? > > I know that people are not suposed to use < 1000 and for normal users > and I havent seen any FreeBSD tools which uses low UID's for normal > users by default. I don't do use low UID's new systems/sites, but > sometimes you have "old" systems/sites where that is just not the > case. I'm certainly not saying we should bent over backwards to > support these legacy systems, I just want to point out that they do > exist. I'm really not trying to start a big debate over static > vs. dynamic UID/GID allocations, the original mail just made it sound > to me like it was a universal truth that ports should use hardcoded > UID/GID's and it was always a good thing. > > And the site where I have UID/GID's in the < 1000 range is called > FreeBSD.org :-) (we use UID/GID's from 500 and up).
I dunno what you are suggesting could be done on systems where the administrators have chosen to ignore the conventions. Even supposing the <1000 range was dynamically remapped to some other range on such systems, what's to stop the rogue admin from allocating there too? Kris
pgpeJCy3AVoqS.pgp
Description: PGP signature