From: Florent Thoumie
Date: Sun, 12 Nov 2006 10:45:21 +0000
To: Kris Kennaway
Cc: Dmitry Pryanishnikov, freebsd-ports@freebsd.org, "Simon L. Nielsen"
Subject: Re: UID/GID dynamic allocation in net/isc-dhcp3-server: why?

Kris Kennaway wrote:
> On Sat, Nov 11, 2006 at 10:05:05PM +0100, Simon L. Nielsen wrote:
>> On 2006.11.11 15:48:05 -0500, Kris Kennaway wrote:
>>> On Sat, Nov 11, 2006 at 09:37:31PM +0100, Simon L. Nielsen wrote:
>>>> On 2006.11.11 21:12:09 +0200, Dmitry Pryanishnikov wrote:
>>>>
>>>>> I don't like the current behaviour of the net/isc-dhcp3-server port
>>>>> of creating 'dhcpd' user and group using dynamic allocation instead of
>>>>> having a static one (as specified in /usr/ports/{U,G}IDs). I like the idea
>>>>> of [ug]id ranges, and dynamic allocation doesn't keep within this idea
>>>>> (ids of users and daemons get mixed). Is there a specific reason why there
>>>>> is no static [ug]id for net/isc-dhcp3-server?
>>>> Personally I have it precisely the other way around - I find the
>>>> static allocations rather annoying since they are bound to collide
>>>> with existing UID's at some point.
>>>>
>>>> IMO the optimal solution would be to have some magic which auto
>>>> assigns ports/system UID/GID's from different ranges than normal
>>>> users.
>>> Just so :)
>>>
>>> UIDs below 1000 are (and have been for many years) allocated to the
>>> "system" (ports/src), and are not supposed to be allocated by
>>> administrators. This at least works out of the box with some of the
>>> tools we have for allocating new users, so are you aware of any that
>>> don't do this?
>> I know that people are not supposed to use < 1000 for normal users
>> and I haven't seen any FreeBSD tools which use low UID's for normal
>> users by default. I don't use low UID's on new systems/sites, but
>> sometimes you have "old" systems/sites where that is just not the
>> case. I'm certainly not saying we should bend over backwards to
>> support these legacy systems, I just want to point out that they do
>> exist. I'm really not trying to start a big debate over static
>> vs. dynamic UID/GID allocations, the original mail just made it sound
>> to me like it was a universal truth that ports should use hardcoded
>> UID/GID's and it was always a good thing.
>>
>> And the site where I have UID/GID's in the < 1000 range is called
>> FreeBSD.org :-) (we use UID/GID's from 500 and up).
>
> I dunno what you are suggesting could be done on systems where the
> administrators have chosen to ignore the conventions. Even supposing
> the <1000 range was dynamically remapped to some other range on such
> systems, what's to stop the rogue admin from allocating there too?

I have a bsd.port.mk patch in the works to create users/groups
automatically from uids/gids registered in the related files.

It wouldn't be too hard to include a UID_OFFSET/GID_OFFSET parameter so
that the local admin can reserve uids/gids in say range 2000-3000
instead of 0-1000 (which isn't really 0-1000 but I'm too lazy to check
where system uids/gids stop :-)

Would it be alright with you Simon?

-- 
Florent Thoumie
flz@FreeBSD.org
FreeBSD Committer
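
An added illustration of the UID_OFFSET idea discussed in the mail above; it is not part of the original message and not the bsd.port.mk patch it mentions. It shifts registered uids by an offset and reports where the result would land on an account that already exists, which is the case where a daemon would end up sharing an identity with a local user. The passwd-style registry layout, the account names other than dhcpd, all numeric ids and the default offset are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample registry. The passwd-style layout (UID in field 3) is an
# assumption about the registered-uids file; names and numbers are made up.
REGISTRY='dhcpd:*:136:136::0:0:DHCP Daemon:/nonexistent:/usr/sbin/nologin
exampled:*:153:153::0:0:Example Daemon:/nonexistent:/usr/sbin/nologin'

# Constructed accounts already present on a site that hands out low UIDs.
EXISTING='alice:*:636:636::0:0:Alice:/home/alice:/bin/sh
exampled:*:2153:2153::0:0:Example Daemon:/nonexistent:/usr/sbin/nologin'

# plan_accounts OFFSET
# Prints "name uid verdict" for every registry entry after adding OFFSET:
#   create               uid and name are both free
#   exists               account already present with exactly this uid
#   name-taken-uid-N     name exists but with another uid N
#   collides-with-USER   uid already belongs to a different account
plan_accounts() {
    offset=$1
    { printf '%s\n' "$EXISTING"; echo '--'; printf '%s\n' "$REGISTRY"; } |
    awk -F: -v off="$offset" '
        $0 == "--" { in_registry = 1; next }
        !in_registry { owner[$3] = $1; uid_of[$1] = $3; next }
        {
            uid = $3 + off
            if (($1 in uid_of) && uid_of[$1] == uid) verdict = "exists"
            else if ($1 in uid_of) verdict = "name-taken-uid-" uid_of[$1]
            else if (uid in owner) verdict = "collides-with-" owner[uid]
            else verdict = "create"
            print $1, uid, verdict
        }'
}

# Hypothetical default of 2000, taken from the 2000-3000 range in the mail.
plan_accounts "${UID_OFFSET:-2000}"
```
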