GNU bug report logs - #45571
Support stable uids and gids for system accounts in a container

Package: guix

Reported by: Jason Conroy <conjaroy <at> gmail.com>

Date: Thu, 31 Dec 2020 18:20:01 UTC

Severity: normal


Message #41 received at 45571 <at> debbugs.gnu.org (full text, mbox):

From: Jason Conroy <conjaroy <at> gmail.com>
To: Leo Prikler <leo.prikler <at> student.tugraz.at>
Cc: Danny Milosavljevic <dannym <at> scratchpost.org>, 45571 <at> debbugs.gnu.org
Subject: Re: bug#45571: Fwd: Re: bug#45571: Support stable uids and gids for
 all accounts
Date: Sat, 2 Jan 2021 09:02:18 -0500
On Fri, Jan 1, 2021 at 10:11 PM Leo Prikler <leo.prikler <at> student.tugraz.at>
wrote:

> Hi Danny,
> On Saturday, 02.01.2021 at 02:40 +0100, Danny Milosavljevic wrote:
> > Hi Leo,
> >
> > On Sat, 02 Jan 2021 00:16:45 +0100
> > Leo Prikler <leo.prikler <at> student.tugraz.at> wrote:
> >
> > > > And it indeed is possible to add (uid 4711) in the literal and it
> > > > will work
> > > > just fine.
> > > I'm aware you're joking, or at least I hope you are,
> >
> > What?  It's perfectly reasonable for a distribution to have stable
> > system
> > user ids.
>

My reaction to this was not that defaults are bad, but that dispersing
numeric literals throughout the code is. Collectively these values specify
the contents of a registry, so that registry might as well be located
centrally. Or at least, there should be some mechanism to ensure that two
services can't claim the same default ID, otherwise the collision will not
manifest until somebody instantiates a system with the colliding services.

> From the solutions we do have so far, I believe that making user
> accounts an explicit part of service configuration (in what shape may
> still be up for debate), with reasonable defaults including numeric
> UIDs and GIDs (at least) for essential services such as GDM sounds like
> the best option.  WDYT?
>
> Regards,
> Leo
>

That seems reasonable to me. As for representation, I think there's value
in decoupling these settings from a service's own config so that support for
custom UIDs/GIDs remains consistent across services.
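
The central registry with a collision check that the message above asks for, as an added example in Guile Scheme (not part of the thread and not Guix code). The account names, every ID other than 4711, and all procedure names are assumptions invented for illustration.

```scheme
;; Added example, not Guix code.
(use-modules (srfi srfi-1)    ; first, second, third
             (ice-9 match))

;; Constructed registry entries: (NAME UID GID).  Only 4711 appears in the
;; thread; the names and other numbers are invented, the clash included.
(define %default-ids
  '(("service-a" 4711 4711)
    ("service-b" 4712 4712)
    ("service-c" 4711 4713)))

(define (collisions entries select)
  "Return a list of (ID NAME ...) for each ID, as picked by SELECT,
that more than one entry in ENTRIES claims."
  (let ((table (make-hash-table)))
    (for-each (lambda (entry)
                (let ((id (select entry)))
                  (hashv-set! table id
                              (cons (first entry)
                                    (hashv-ref table id '())))))
              entries)
    (hash-fold (lambda (id names result)
                 (if (> (length names) 1)
                     (cons (cons id (reverse names)) result)
                     result))
               '() table)))

(define (validate-registry entries)
  "Return ENTRIES unchanged, or raise an error naming every UID or GID
that two accounts claim."
  (let ((uid-clashes (collisions entries second))
        (gid-clashes (collisions entries third)))
    (if (and (null? uid-clashes) (null? gid-clashes))
        entries
        (error "duplicate default IDs"
               (cons 'uid uid-clashes) (cons 'gid gid-clashes)))))

(define (default-ids registry name)
  "Return the UID and GID registered for NAME as two values, so that
services look IDs up here instead of embedding numeric literals."
  (match (assoc name registry)
    (#f (error "no default IDs registered for" name))
    ((_ uid gid) (values uid gid))))

;; The clash surfaces here, when the registry is checked, not when a system
;; containing both services is instantiated.
(define %checked-ids
  (catch #t
    (lambda () (validate-registry %default-ids))
    (lambda (key . args)
      (format #t "registry rejected: ~s~%" args)
      #f)))
```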

This bug report was last modified 4 years and 96 days ago.
