From: Kris Kennaway
To: "Simon L. Nielsen"
Cc: Dmitry Pryanishnikov, freebsd-ports@freebsd.org, Kris Kennaway
Date: Sat, 11 Nov 2006 16:11:43 -0500
Subject: Re: UID/GID dynamic allocation in net/isc-dhcp3-server: why?
Message-ID: <20061111211143.GA26524@xor.obsecurity.org>
In-Reply-To: <20061111210504.GM1006@zaphod.nitro.dk>

On Sat, Nov 11, 2006 at 10:05:05PM +0100, Simon L. Nielsen wrote:
> On 2006.11.11 15:48:05 -0500, Kris Kennaway wrote:
> > On Sat, Nov 11, 2006 at 09:37:31PM +0100, Simon L. Nielsen wrote:
> > > On 2006.11.11 21:12:09 +0200, Dmitry Pryanishnikov wrote:
> > >
> > > > I don't like the current behaviour of the net/isc-dhcp3-server port
> > > > of creating 'dhcpd' user and group using dynamic allocation instead of
> > > > having a static one (as specified in /usr/ports/{U,G}IDs). I like the idea
> > > > of [ug]id ranges, and dynamic allocation doesn't keep within this idea
> > > > (ids of users and daemons get mixed). Is there a specific reason why there
> > > > is no static [ug]id for net/isc-dhcp3-server?
> > >
> > > Personally I have it precisely the other way around - I find the
> > > static allocations rather annoying since they are bound to collide
> > > with existing UID's at some point.
> > >
> > > IMO the optimal solution would be to have some magic which auto
> > > assigns ports/system UID/GID's from different ranges than normal
> > > users.
> >
> > Just so :)
> >
> > UIDs below 1000 are (and have been for many years) allocated to the
> > "system" (ports/src), and are not supposed to be allocated by
> > administrators. This at least works out of the box with some of the
> > tools we have for allocating new users, so are you aware of any that
> > don't do this?
>
> I know that people are not supposed to use < 1000 for normal users
> and I haven't seen any FreeBSD tools which use low UID's for normal
> users by default. I don't use low UID's on new systems/sites, but
> sometimes you have "old" systems/sites where that is just not the
> case. I'm certainly not saying we should bend over backwards to
> support these legacy systems, I just want to point out that they do
> exist. I'm really not trying to start a big debate over static
> vs. dynamic UID/GID allocations, the original mail just made it sound
> to me like it was a universal truth that ports should use hardcoded
> UID/GID's and it was always a good thing.
>
> And the site where I have UID/GID's in the < 1000 range is called
> FreeBSD.org :-) (we use UID/GID's from 500 and up).

I dunno what you are suggesting could be done on systems where the
administrators have chosen to ignore the conventions. Even supposing
the <1000 range was dynamically remapped to some other range on such
systems, what's to stop the rogue admin from allocating there too?

Kris