Bug#402288: [Adduser-devel] Bug#402288: adduser allows UIDs < 100
This one time, at band camp, Marc Haber said: > On Sat, Dec 09, 2006 at 08:04:40PM +0100, Marc Haber wrote: > > On Sat, Dec 09, 2006 at 06:31:47PM +, Stephen Gran wrote: > > > This one time, at band camp, Antti-Juhani Kaijanaho said: > > > > The discussion up to now seems to be concentrated on Tuukka's point 1. > > > > I agree that it is probably unnecessarily invasive. However, the other > > > > points seem valid to me (informing the user that there is this potential > > > > problem). > > > > > > I agree with that. I will make the documentation changes (although not > > > tonight - Marc, if you want them in right away, go ahead). > > > > I'll happily wait for you. > > Any news on this? I'd like to make an 3.101 upload. Sorry - this slipped off my radar completely. Thanks for the prod - I've checked in an initial stab at it. Could people who use utf-8 locales (or anything besides 8859-1, really) make sure I haven't stuffed up the manpage changes? I always forget to escape characters, and it only ever seems to hit people in locales other than mine, so I miss them in testing. Thanks, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#402288: [Adduser-devel] Bug#402288: adduser allows UIDs < 100
On Sat, Dec 09, 2006 at 08:04:40PM +0100, Marc Haber wrote: > On Sat, Dec 09, 2006 at 06:31:47PM +, Stephen Gran wrote: > > This one time, at band camp, Antti-Juhani Kaijanaho said: > > > The discussion up to now seems to be concentrated on Tuukka's point 1. > > > I agree that it is probably unnecessarily invasive. However, the other > > > points seem valid to me (informing the user that there is this potential > > > problem). > > > > I agree with that. I will make the documentation changes (although not > > tonight - Marc, if you want them in right away, go ahead). > > I'll happily wait for you. Any news on this? I'd like to make an 3.101 upload. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#402288: [Adduser-devel] Bug#402288: adduser allows UIDs < 100
On Sat, Dec 09, 2006 at 06:31:47PM +, Stephen Gran wrote: > This one time, at band camp, Antti-Juhani Kaijanaho said: > > The discussion up to now seems to be concentrated on Tuukka's point 1. > > I agree that it is probably unnecessarily invasive. However, the other > > points seem valid to me (informing the user that there is this potential > > problem). > > I agree with that. I will make the documentation changes (although not > tonight - Marc, if you want them in right away, go ahead). I'll happily wait for you. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#402288: [Adduser-devel] Bug#402288: adduser allows UIDs < 100
This one time, at band camp, Antti-Juhani Kaijanaho said: > The discussion up to now seems to be concentrated on Tuukka's point 1. > I agree that it is probably unnecessarily invasive. However, the other > points seem valid to me (informing the user that there is this potential > problem). I agree with that. I will make the documentation changes (although not tonight - Marc, if you want them in right away, go ahead). -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#402288: [Adduser-devel] Bug#402288: adduser allows UIDs < 100
The discussion up to now seems to be concentrated on Tuukka's point 1. I agree that it is probably unnecessarily invasive. However, the other points seem valid to me (informing the user that there is this potential problem). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#402288: [Adduser-devel] Bug#402288: adduser allows UIDs < 100
This one time, at band camp, Tuukka Hastrup said: > On Sat, 9 Dec 2006, Stephen Gran wrote: > > This one time, at band camp, Tuukka Hastrup said: > > > According to the policy, UIDs and GIDs less than 100 are the same > > > on all Debian systems and come from the base-passwd package. The > > > adduser man page says adduser and addgroup "are friendlier front > > > ends to tools like useradd, groupadd and usermod programs, > > > choosing Debian policy conformant UID and GID values --." However, > > > the programs don't enforce this policy item or remind about it in > > > the documentation. > > > > I understand you to be saying that when you override adduser's > > defaults, it allows you to create a user with uid < 100 ? Is that > > correct? > > Yes, it provides mechanisms for that and doesn't inform the user of > the consequences. That is, as adduser promises to be a friendly front > end, it shouldn't expect the local system administrator to know the > traps in the Debian Policy. So, you want adduser to warn the admin that it's doing what it's been told to do? I'm not yett convinced, sorry. I'm also not completely sure what actual harm comes of this, unless you combine several willfull steps to make something go wrong. If you can demonstrate consequences, I think I'll be more inclined to agree that something should be done about it. You see, I think there's a balance between making adduser helpful to people who don't want to have to care about policy compliant user management, and making it a useful general purpose user management tool for people who know the risks and still want to do unusual things. I'm worried this will make it more irritating for the second group, without providing much benefit to the first group. Take care, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Bug#402288: [Adduser-devel] Bug#402288: adduser allows UIDs < 100
On Sat, 9 Dec 2006, Stephen Gran wrote: > This one time, at band camp, Tuukka Hastrup said: > > According to the policy, UIDs and GIDs less than 100 are the same on all > > Debian systems and come from the base-passwd package. The adduser man page > > says adduser and addgroup "are friendlier front ends to tools like > > useradd, groupadd and usermod programs, choosing Debian policy conformant > > UID and GID values --." However, the programs don't enforce this policy > > item or remind about it in the documentation. > > I understand you to be saying that when you override adduser's > default's, it allows you to create a user with uid < 100 ? Is that > correct? Yes, it provides mechanisms for that and doesn't inform the user of the consequences. That is, as adduser promises to be a friendly front end, it shouldn't expect the local system administrator to know the traps in the Debian Policy. -- -- Trying to catch me? Just follow up my Electric Fingerprints -- To help you: [EMAIL PROTECTED] http://www.iki.fi/Tuukka.Hastrup/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#402288: [Adduser-devel] Bug#402288: adduser allows UIDs < 100
This one time, at band camp, Tuukka Hastrup said: > According to the policy, UIDs and GIDs less than 100 are the same on all > Debian systems and come from the base-passwd package. The adduser man page > says adduser and addgroup "are friendlier front ends to tools like > useradd, groupadd and usermod programs, choosing Debian policy conformant > UID and GID values --." However, the programs don't enforce this policy > item or remind about it in the documentation. I understand you to be saying that when you override adduser's default's, it allows you to create a user with uid < 100 ? Is that correct? -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
