Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 11 Nov 2006 15:48:05 -0500
From:      Kris Kennaway <kris@obsecurity.org>
To:        "Simon L. Nielsen" <simon@FreeBSD.org>
Cc:        Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>, freebsd-ports@freebsd.org
Subject:   Re: UID/GID dynamic allocation in net/isc-dhcp3-server: why?
Message-ID:  <20061111204804.GA26170@xor.obsecurity.org>
In-Reply-To: <20061111203731.GL1006@zaphod.nitro.dk>
References:  <20061111210303.A92042@atlantis.atlantis.dp.ua> <20061111203731.GL1006@zaphod.nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help 

--bg08WKrSYDhXBjb5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Nov 11, 2006 at 09:37:31PM +0100, Simon L. Nielsen wrote:
> On 2006.11.11 21:12:09 +0200, Dmitry Pryanishnikov wrote:
>=20
> >  I don't like the current behaviour of the net/isc-dhcp3-server port
> > of creating 'dhcpd' user and group using dynamic allocation instead of
> > having static one (as specified in /usr/ports/{U,G}IDs). I like the idea
> > of [ug]id ranges, and dynamic allocation doesn't keep within this idea
> > (ids of users and daemons get mixed). Is there specific reason why there
> > is no static [ug]id for net/isc-dhcp3-server?
>=20
> Personally I have it precisely the other way around - I find the
> static allocations rather annoying since they are bound to collide
> with existing UID's at some point.
>
> IMO the optimal solution would be to have some magic which auto
> assigns ports/system UID/GID's from different ranges that normal
> users.

Just so :)

UIDs below 1000 are (and have been for many years) allocated to the
"system" (ports/src), and are not supposed to be allocated by
administrators.  This at least works out of the box with some of the
tools we have for allocating new users, so are you aware of any that
don't do this?

Kris

--bg08WKrSYDhXBjb5
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQFFVjcEWry0BWjoQKURAoCSAJ9xkOBjXgTukfqnDJR3PWbTWhiT1gCdH/1h
Aagr6hXcvkE3t2Kd5Mq/wfY=
=t/4J
-----END PGP SIGNATURE-----

--bg08WKrSYDhXBjb5--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061111204804.GA26170>