Hi Danny, Am Samstag, den 02.01.2021, 02:40 +0100 schrieb Danny Milosavljevic: > Hi Leo, > > On Sat, 02 Jan 2021 00:16:45 +0100 > Leo Prikler <leo.prik...@student.tugraz.at> wrote: > > > > And it indeed is possible to add (uid 4711) in the literal and it > > > will work > > > just fine. > > I'm aware you're joking, or at least I hope you are, > > What? It's perfectly reasonable for a distribution to have stable > system > user ids. > > That's what Debian supports, too: > > https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes > > > 0-99: > > Globally allocated by the Debian project, the same on every Debian > > system. These ids will appear in the passwd and group files of all > > Debian systems, new ids in this range being added automatically as > > the base-passwd package is updated. > > Packages which need a single statically allocated uid or gid should > > use one of these; their maintainers should ask the base-passwd > > maintainer for ids. > > [...] > > > 60000-64999: > > Globally allocated by the Debian project, but only created on > > demand. The ids are allocated centrally and statically, but the > > actual accounts are only >created on users’ systems on demand. > > [...] You do know, that services such as gdm, pulseaudio, avahi, sshd, mpd, and others fall into neither region, do you?
> And so does FreeBSD, > see > https://www.freebsd.org/doc/en/books/porters-handbook/users-and-groups.html > and https://github.com/freebsd/freebsd-ports/blob/master/UIDs for the > actual registry. If I had a guixbuilder for every account in that list, that I didn't need, I'd have a lot of guixbuilders. Probably more than I could allocate into a contiguous block under FreeBSD. > For that matter, IANA does this for ports and many other things. And > so on. > > Stable defaults are *good*. So is leaving room for other configurations. Some of the bindings we now consider "default" were only made because other ports were already claimed. Not to mention overlaps, such as port 465. > Right now, the Guix service user user-account record specifies 99% of > the > /etc/passwd entry. I indeed propose to make it 100% for system users > for Guix > system services. What's the remaining 1%? > > but I shouldn't have to point out why hardcoding ids into those > > literals is a > > bad idea. > > You have to point that out to us--especially since Guix service user > accounts > of the account-service-type extension can only be instantiated once > anyway. Unlike in other systems, where you'd expect people to manually fiddle around with such files and tragically fail, in Guix your OS config.scm should reflect the actual state of the system (modulo secrets, that can't be expressed currently). If you claim UID 92 for GDM like FreeBSD does, but people live on installations, that have the old default of 983 (or any other, depending on the number of guixbuilders you have), that's going to cause problems. Perhaps not the same problems that led to the creation of its activation-service, but still. That's not to say, that claiming such IDs is *always* bad, just that it's bad to do so without leaving room for configuration. I should likely have worded that better, but at the same time there was context from which one could have inferred, that I meant hardcoding IDs into unchanging constants. >From the solutions we do have so far, I believe that making user accounts an explicit part of service configuration (in what shape may still be up for debate), with reasonable defaults including numeric UIDs and GIDs (at least) for essential services such as GDM sounds like the best option. WDYT? Regards, Leo
