Date: Mon, 19 Mar 2001 20:00:39 -0500 From: Sergey Babkin <babkin@bellatlantic.net> To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> Cc: security@FreeBSD.ORG, Wes Peters <wes@softweyr.com>, Robert Watson <rwatson@FreeBSD.ORG>, fs@FreeBSD.ORG, arch@FreeBSD.ORG Subject: Re: about common group & user ID space (PR kern/14584) Message-ID: <3AB6ABB7.A208EECE@bellatlantic.net> References: <200103181447.f2IElef41927@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Cy Schubert - ITSD Open Systems Group wrote: > > In message <3AB3FC38.94711FFF@bellatlantic.net>, Sergey Babkin writes: > > All, > > > > I want to commit PR kern/14584. I've been told that it's good > > >From an operational standpoint I see one problem. Some sites use UID > 0-999 and 65000-65535 for use by special accounts, such as www, ftp, > oracle, etc. In some cases this policy is dictated by a desire to have > some kind of commonality across various vendor platforms, some of which > reserve some odd UID's and GID's for vendor supplied software or > purposes. The only suggestion I would make is that a range could be > specified. For example instead of vfs.commonid, vfs.commonid.low and > vfs.commonid.high, allowing a site to, for example, reserve UID/GID's > 10000-19999 or any other range as common ID's. I'm not sure if it's so important: probably, normally the IDs around 65535 are used for things like nobody/nogroup. But since it's easy to implement, I guess it would not hurt. So I agree with this proposal. -SB To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AB6ABB7.A208EECE>