[Fedora-packaging] Static UIDs and GIDs

Toshio Kuratomi a.badger at gmail.com
Wed Apr 17 01:21:30 UTC 2013 

On Sun, Apr 14, 2013 at 02:26:00PM +0200, Nicolas Mailhot wrote:
> 
> Le Jeu 11 avril 2013 20:57, Toshio Kuratomi a écrit :
> > The FPC has recently been looking at a draft revision of the UID and Group
> > handling: https://fedorahosted.org/fpc/ticket/269
> 
> IMHO, it should explicitly state the ranges reserved for allocation by
> local admins and by third-party repositories (like /opt, /srv, /usr/local
> for filesystems)
> 
> That's the only way to make sure our choices do not terminally conflict
> with those made by others.
> 
At the moment, I don't think we have such a range.  Does that sound
accurate?

We have several choices if we start considering doing that:

* Cut a range out of the 1000 that we allocated to ourselves in F16.  This
  is a bit difficult because there's cases where we're already using them
  and we probably need more room rather than less.

* Cut a range out of the range that's already given to the local admins.

* Punt -- the sysadmin is already able to allocate their local range
  anywhere that isn't in the < 1000 range.  Sites will differ but it's not
  for us to decide.


For admin use I lean towards the latter.  The reason was given way back when
the original guidelines were written: local sites are already allocating a
range for their local system user accounts.  No matter what we would choose,
it would conflict with what they are using.

For third party repositories I'm not sure what to do.  They'll have the same
needs that we do including the problem of their usage constantly increasing.
Unless the repositories coordinate with each other, we can't just allocate a
single range for all third party repositories; instead, we'd need to
allocate a distinct range for each repository that isn't coordinating with
the others.

I somewhat dislike, but could see us serving as a central authority to hand
out uids from our existing static ranges to those other repos (if they'll
let us) but I'm not sure if we could do that legally (some of hte other
repos host things that we can't point people to from Fedora... does that
mean we can't help coordinate the assigning of uids to the software they're
hosting?)

-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/packaging/attachments/20130416/dc7d47a7/attachment.sig>

More information about the packaging mailing list