UID_MIN & GID_MIN changed

[Peter Vrabec]

Hi,

On Tuesday, May 24, 2011 05:25:44 PM Toshio Kuratomi wrote:
> On Tue, May 24, 2011 at 1:59 AM, Peter Vrabec <pvrabec at redhat.com> wrote:
> > Hi all,
> > 
> > I'd like to inform you that I have changed UID_MIN & GID_MIN from 500 to
> > 1000 in upgraded shadow-utils.
> > 
> > Where?
> > /etc/login.defs.
> > shadow-utils-4.1.4.3-1.fc16
> > 
> > I suppose UID/GID_MIN=1000 is more common(other distros, upstream). We
> > are not in situation that 500 IDs for system accounts ought to be enough
> > for anybody. Actually, it was not 500.It was 299 because range 0-200 is
> > for reserved IDs. There are 799 non reserved IDs for system accounts
> > available after this change.
> 
> This change should be made as a Feature for F16 and needs some
> thought/coordination put behind it.  There's several issues that I
> see:
> 
> * AFAIK, we actually have not run into the 500 uid limit yet (although
> it is a bit low to be comfortable)
> *  AFAIK, we've only allocated the range 0-100 for reserved IDs.
> * The 0-100 reserved IDs are actually the pain point that we need to
> deal with, not the dynamic system ids in the 101-499 range.
We use 0-200 for reserved IDs  since
http://lists.fedoraproject.org/pipermail/devel/2009-April/028740.html

> * We don't know how many, if any IDs this actually gets us for the
> dynamic range because any site that has already filled the 500-1000
> UID range won't gain any extra dynamic system account through this
> change.
> * This could potentially break sites that are currently using the
> 500-1000 UID range and rely on the order of allocation of UIDs for
> their users on new machines matching with the UIDs on old machines.
> (For instance, NFS UIDs on filesystems matching between a box
> installed with RHEL5 and a box that gets newly installed with F16).
> 
> -Toshio

I'm not against wider announcement. I'm just not sure what is the right way - 
F16 Feature/Release Notes/ .... ? We can also annouce the 200 limit for 
reserved IDs. ;)

Peter.