Bug#959735: Ship a default range for systemd-sysusers which follows adduser defaults

Michael Biebl biebl at debian.org
Tue Mar 16 15:58:09 GMT 2021 

Hi Moritz

On Mon, 04 May 2020 19:53:26 +0200 Moritz Muehlenhoff <jmm at debian.org>
wrote:
> Package: systemd
> Severity: wishlist
> 
> The default config in adduser configures
> 
> FIRST_SYSTEM_UID=100
> LAST_SYSTEM_UID=999
> FIRST_SYSTEM_GID=100
> LAST_SYSTEM_GID=999
> 
> I'm wondering if systemd by default should ship
> 
> r     -        100-999
> 
> somewhere in /usr/lib/sysusers.d to mimic that default as well. (The
upper
> bound is already implicitly defined as a compile-time default by
means
> of passing -DSystemd-[ug]id-max=999 in debian/rules)


So, the current builtin defaults are

['system-alloc-uid-min', 'SYS_UID_MIN', 1],                       
['system-uid-max',       'SYS_UID_MAX', 999],
['system-alloc-gid-min', 'SYS_GID_MIN', 1],
['system-gid-max',       'SYS_GID_MAX', 999]]

They can be set via:

option('system-alloc-uid-min', type : 'integer', value : '-1',
       description : 'minimum system UID used when allocating')
option('system-alloc-gid-min', type : 'integer', value : '-1',
       description : 'minimum system GID used when allocating')
option('system-uid-max', type : 'integer', value : '-1',
       description : 'maximum system UID')
option('system-gid-max', type : 'integer', value : '-1',
       description : 'maximum system GID')

The upper bound is already 999, so wouldn't need to be changed.
The lower bound could be changed via 

-Dsystem-alloc-uid-min=100
-Dsystem-allow-gid-min=100

to match the debian/adduser default.

systemd-sysusers would still behave slightly different to adduser
though.
It starts with 999 and works its way down.

This is kinda nice in some way, as you can more easily distinguish
statically allocated system groups/users (via base-passwd) from
dynamically alloced system groups/users.

I.e. I probably wouldn't change that aspect of systemd-sysusers, as I
kinda like it.

Regards,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20210316/da34becc/attachment.sig>

More information about the Pkg-systemd-maintainers mailing list