This one time, at band camp, Tollef Fog Heen said: > The problem is when you then run addgroup foo, every user created > after that will not be considered to be a UPG user. Perhaps addgroup > shouldn't use the same gid range as what we are using for users, to > make this problem at least smaller, if not make it go away.
I've been unhappy for one reason or another with ideas like this in the past (gids below 100 are reserved, then there come system groups, then usergroups starting at 1000, unless you want to interoperate with RHEL and derivatives in which case they start at 500. You also don't want to pick a high range because large sites will have uids creep up from behind, etc. Blech) The current arrangement isn't brilliant, but it's at least clear that if a gid is >= 1000, it is not the gid of a system account (unless of course it's nobody/nogroup ... :) ), although you can't necessarily say much more than that. I suspect it will be simplest to just add a bit of logic to adduser to make it 'skip ahead' until it can get matching uids/gids. This will leave holes in both passwd and group, but that's not exactly a problem. FWIW, I tend to agree with Roger that the added step of uid == gid doesn't actually buy us all that much, but if other software we are currently shipping depends on that behavior, we might as well not deliberately break it. Cheers, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sg...@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature
