Bug#905817: UID range of DyanmicUser overlaps with existing definitions in debian-policy

Helmut Grohne helmut at subdivi.de
Fri Aug 10 07:43:39 BST 2018

Hi Michael,

On Fri, Aug 10, 2018 at 08:23:38AM +0200, Michael Biebl wrote:
> Currently, DynamicUser gets a uid from within the following range:
> 61184 - 65519. Those values can be configured during build time via
> -Ddynamic-uid-min= and -Ddynamic-uid-max.
> The debian policy has a section about uids and gids:
> https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes

Thank you for thinking of this. Your attention to detail is much
appreciated. I also like your way of openly communicating problems by
filing bugs against your own packages.

> There is also:
> 65536-4294967293:
>  Dynamically allocated user accounts. By default adduser will not
>  allocate UIDs and GIDs in this range, to ease compatibility with legacy
>  systems where uid_t is still 16 bits.

That's not exactly correct. While adduser will not pick from this range
for regular user ids, it will pick for "subuids" (see /etc/subuid and
man newuidmap). Doing so is necessary for practically using user
namespaces (a feature that is disabled in Debian kernels by default).

> I'm not sure if it would be more suitable to pick the DynamicUser ids
> from this range.

So I think the answer here is "no" as those allocations have happened on
user systems already.

As far as I can see, the only reasonable thing to do here is to allocate
a range specifically for systemd in the Debian policy.

> CCing Sean to get his input as debian-policy maintainer.

I actually propose that this bug is reassigned to debian-policy or that
a clone of this bug is assigned to debian-policy, because it will need
to change.


More information about the Pkg-systemd-maintainers mailing list