On Fri, Dec 09, 2005 at 12:57:28PM +0100, Teddy Hogeborn wrote: > And it's not like this would be changed on a running system, right? > It would just be the default value in /var/yp/Makefile for new package > installations for new NIS master servers.
That is not the case. /var/yp/Makefile is a conffile and so will be updated if it hasn't been modified. > And I'm not actually seeing a conflict with policy in this case, since > policy does not mention NIS exporting at all. Policy and all the other packages in Debian that care about these things say that GIDs in the range 100-999 are reserved for dynamically allocated system users and groups. Since exporting random automatically created users and groups tends to cause hassle NIS does not export those ID ranges by default. > If you want to touch ground you (as the actual maintainer you might > get more responses than I got) could ask debian-policy if anyone would > OBJECT to the change. (From what I can see, absolutely no one on > -policy cares about this, since I have asked about this on two > occasions now and both times gotten no reply whatsoever.) You might find that coming up with a concrete proposal for policy might help there. > The only thing I can foresee delaying this change is if you really > want to be CERTAIN that no one does "adduser --system --group" 400 > times and suddenly gets into the exported GID range (not that I see > anyone actually doing that, but...). If you want to avoid even that > remote possibility, this change should be coordinated with a change in > the "adduser" package to lower LAST_SYSTEM_UID in /etc/adduser.conf. That would probably help too. A patch implementing support for the new GID range you want to add might also be helpful. > Is this what you want? Would you be willing to make the change if the > maintainers for "adduser" were, too? What I want is for any change in the default handling of UID and GID ranges in NIS to be made in other parts of Debian too. I am not going to unilaterally make this change in the NIS package. You are asking me to have the NIS package take part of an existing GID range and give it a new meaning without updating anything else in Debian to understand this. I don't think that's a good idea. It is very easy for people who want this behaviour to change their local configuration suitably. Doing it in NIS alone will at best provide a small part of what you are asking for and may actually cause breakage. -- "You grabbed my hand and we fell into it, like a daydream - or a fever."
signature.asc
Description: Digital signature
