Bug#905817: UID range of DyanmicUser overlaps with existing definitions in debian-policy
Helmut Grohne
helmut at subdivi.de
Fri Aug 10 07:43:39 BST 2018
Hi Michael,
On Fri, Aug 10, 2018 at 08:23:38AM +0200, Michael Biebl wrote:
> Currently, DynamicUser gets a uid from within the following range:
> 61184 - 65519. Those values can be configured during build time via
> -Ddynamic-uid-min= and -Ddynamic-uid-max.
>
> The debian policy has a section about uids and gids:
> https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes
Thank you for thinking of this. Your attention to detail is much
appreciated. I also like your way of openly communicating problems by
filing bugs against your own packages.
> There is also:
> 65536-4294967293:
> Dynamically allocated user accounts. By default adduser will not
> allocate UIDs and GIDs in this range, to ease compatibility with legacy
> systems where uid_t is still 16 bits.
That's not exactly correct. While adduser will not pick from this range
for regular user ids, it will pick for "subuids" (see /etc/subuid and
man newuidmap). Doing so is necessary for practically using user
namespaces (a feature that is disabled in Debian kernels by default).
> I'm not sure if it would be more suitable to pick the DynamicUser ids
> from this range.
So I think the answer here is "no" as those allocations have happened on
user systems already.
As far as I can see, the only reasonable thing to do here is to allocate
a range specifically for systemd in the Debian policy.
> CCing Sean to get his input as debian-policy maintainer.
I actually propose that this bug is reassigned to debian-policy or that
a clone of this bug is assigned to debian-policy, because it will need
to change.
Helmut
More information about the Pkg-systemd-maintainers
mailing list