Starting user UIDs at 1000 - please check your packages
Miloslav Trmač
mitr at volny.cz
Wed Jul 20 16:07:03 UTC 2011
Hello all,
Fedora 16 will start user UIDs and GIDs at 1000 instead of 500[1].
Unfortunately some packages need to know the boundary, and usually
hard-code it. I have checked the most common packages[2], but I can't
check all 10 thousand packages, and I your help with this.
Please check the packages you own:
* (rpmbuild -bp) your packages
* grep the source code for /\<500\>/
* Check the results for code that compares UID or GID values to 500.
It may be useful to filter out the following common false positives:
- _XOPEN_SOURCE
- .po and .pot files
- g_timeout_add, gobject.timeout_add, /.*sleep *(500/
Of course you can skip packages that you know very well; but please
check packages if you are the tiniest bit unsure - the hard-coded
value appears in surprising places (e.g. httpd).
If you find code that hard-codes the UID or GID boundary:
- Add code that parses /etc/login.defs for the actual value of the
boundary (UID_MIN, GID_MIN). [3] contains Python code to do this.
- Keep the existing hard-coded boundary as a fallback for cases where
/etc/login.defs doesn't exist.
I'll be happy to help with the porting or to answer any questions -
just send me an e-mail.
Thank you,
Mirek
[1] https://fedoraproject.org/wiki/Features/1000SystemAccounts
[2] Those that can be installed by choosing all package groups
("Graphical Desktop", "Software Development", "Web Server") in
anaconda without enabling comps groups or packages individually.
[3] https://bugzilla.redhat.com/attachment.cgi?id=510191
More information about the devel
mailing list