On Sun, May 14, 2017 at 3:59 AM, Daniel Golle <dan...@makrotopia.org> wrote: > Hi Val, > > On Sat, May 13, 2017 at 06:23:29PM -0400, Val Kulkov wrote: >> Is there any convention on the use of uid and gid when creating new >> users or groups? Can someone point me to it, if it exists? >> >> I noticed that two packages, icecast and postfix, compete for the same >> uid=87: >> >> icecast's Makefile: >> USERID:=icecast=87:icecast=87 >> >> postfix's postfix.init: >> user_exists postfix || user_add postfix 87 > > This looks wrong to me (user_add in the init script)... > >> >> There may be more packages competing for the same uid/gid's, I have >> not fully researched it. >> >> I am preparing a new package, opendkim, which should be run as a >> non-privileged user. For this, >> USERID:=opendkim=<something>:opendkim=<something> seems appropriate, >> but what numbers should I assign? > > I run into this issue before and believe that we should have a wiki > page which allows registering static UIDs/GIDs at least for the > packages which actually need that (ie. if a specific UID or GID is > referenced in other packages, or scripts like firewall rules, ...). > Grep'ing for USERID allows to automatically generate that list based > on the currently available packages very easily. > > Examples from elsewhere for inspiration: > > FreeBSD got those lists > https://svnweb.freebsd.org/ports/head/UIDs?view=markup > https://svnweb.freebsd.org/ports/head/GIDs?view=markup > > linuxfromscratch got a much smaller list for essential/system UIDs/GIDs > http://linuxfromscratch.org/blfs/view/svn/postlfs/users.html > > > Cheers >
Just woke up from the weekend. I recommend trying this out [based on lldpd] : https://github.com/lede-project/source/blob/master/package/network/services/lldpd/Makefile#L35 We use lldpd and this seems to work ; lldpd does some priv separation. Alex > > Daniel > > _______________________________________________ > Lede-dev mailing list > Lede-dev@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/lede-dev _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
