[Pkg-shadow-devel] packaging next 4.1.3

Nicolas François nicolas.francois at centraliens.net
Thu Apr 9 21:46:36 UTC 2009


Hi,

On Wed, Apr 08, 2009 at 12:00:25PM +0200, pvrabec at redhat.com wrote:
> 
> I have packaged next 4.1.3 and made some clean up with patches. Everything 
> seems to be OK, but I have two patches that could upstream consider for 
> inclusion. 

Thanks for the patches.

> selinux.patch: add -Z option to map selinux user for user's login

I will trust the patch. I still did not try to read selinux
documentations yet;)

> sysAccount.patch: it changes the way how free IDs for new !system accounts! 
> are fount. We are not looking for largest unused value, but we go down from 
> UID_MAX and find first unused value. 
> You ask why? Because there are some apprehensions that we probably run out of 
> static IDs. I'm not fan of static IDs but what can I do. The space between 
> 0-100 is almost full and I suppose that there will be a time when we start 
> assigning static IDs over 100. To avoid any collision with already installed 
> system we decided to assign "dynamic" system IDs from the other side. We want 
> to create the gap between static and dynamic IDs , so if we run out of 100 
> free slots we can easily change the limits.

OK. The lack of fixed IDs may appear at some time, and if applied now,
this might be more simple to increase the fixed range in the future.

I will document the allocation of system users/groups.

For existing machines, that's probably too late, but in the future, this may
simplify changes of the fixed-range.

Debian uses ~40 groups (IDs up to 60), ~15 users (IDs up to 41)

Best Regards,
-- 
Nekral



More information about the Pkg-shadow-devel mailing list