From owner-freebsd-security  Mon Mar 19 17: 1:46 2001
Delivered-To: freebsd-security@freebsd.org
Received: from smtp02.teb1.iconnet.net (smtp02.teb1.iconnet.net [209.3.218.43])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0AF7537B737; Mon, 19 Mar 2001 17:01:39 -0800 (PST)
	(envelope-from babkin@bellatlantic.net)
Received: from bellatlantic.net (client-151-198-135-36.nnj.dialup.bellatlantic.net [151.198.135.36])
	by smtp02.teb1.iconnet.net (8.9.1/8.9.1) with ESMTP id UAA23273;
	Mon, 19 Mar 2001 20:00:40 -0500 (EST)
Message-ID: <3AB6ABB7.A208EECE@bellatlantic.net>
Date: Mon, 19 Mar 2001 20:00:39 -0500
From: Sergey Babkin <babkin@bellatlantic.net>
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-19990626-CURRENT i386)
X-Accept-Language: en, ru
MIME-Version: 1.0
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: security@FreeBSD.ORG, Wes Peters <wes@softweyr.com>,
	Robert Watson <rwatson@FreeBSD.ORG>, fs@FreeBSD.ORG, arch@FreeBSD.ORG
Subject: Re: about common group & user ID space (PR kern/14584)
References: <200103181447.f2IElef41927@cwsys.cwsent.com>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Cy Schubert - ITSD Open Systems Group wrote:
> 
> In message <3AB3FC38.94711FFF@bellatlantic.net>, Sergey Babkin writes:
> > All,
> >
> > I want to commit PR kern/14584. I've been told that it's good
> 
> >From an operational standpoint I see one problem.  Some sites use UID
> 0-999 and 65000-65535 for use by special accounts, such as www, ftp,
> oracle, etc.  In some cases this policy is dictated by a desire to have
> some kind of commonality across various vendor platforms, some of which
> reserve some odd UID's and GID's for vendor supplied software or
> purposes.  The only suggestion I would make is that a range could be
> specified.  For example instead of vfs.commonid, vfs.commonid.low and
> vfs.commonid.high, allowing a site to, for example, reserve UID/GID's
> 10000-19999 or any other range as common ID's.

I'm not sure if it's so important: probably, normally the IDs
around 65535 are used for things like nobody/nogroup. But since
it's easy to implement, I guess it would not hurt. So I agree
with this proposal.

-SB

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message