> Responding to multiple messages:
>
> On Fri, 20 Jan 2017 08:43:46 +0100
> "minek van" <minek...@mail.com> wrote:
> > I can see that the default users and when creating new ones have
> > their UID/GUID incremented by 1.
> >
> > Could it bring more security if the UIDs/GUIDs would be random?
>
> On Mon, 23 Jan 2017 11:51:29 -0500
> andrew fabbro <and...@fabbro.org> wrote:
> > The OP was just talking about changing from "last +1" to arc4random.
> > Synchronizing UID/GID across servers (if you're not using a directory
> > of some sort) is the same headache regardless of how you pick them.
> >
> > If the OP meant every server has different, unique randomized
> > UID/GIDs then that's a separate craziness.
>
> I can see this randomisation making systems management a bit more
> difficult as a non-random GUID/UID setup can be used to do things like:
>
> GID 0 = wheel
> GID 1-999 = privsep users, daemons, system
> GID 1000-32765 = ordinary logins
> GID 32766 = nogroup
> GID 32767 = nobody
>
> Because the separation is clear and not so random, you can also set up
> GIDs/UIDs (1000-32765) permanently across a site where they need to be
> static, in the case of logged-in users. Very necessary for backups.
>
> However, the users 1-999 may change depending on what order you install
> packages in.
>
> OpenBSD still randomizes PIDs, but I don't see the point these days:
> https://security.stackexchange.com/questions/88692/do-randomized-pids-bring-more-security/89961
Sorry, you lost me. I can't tell if you are supporting a useless idea, or declaring that a useless idea is not worth supporting.
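
The quoted point about static login UIDs and backups can be checked mechanically. The following is an added example, not code from anyone in the thread: it compares two passwd(5)-format listings and reports accounts whose UID differs between hosts, and UIDs that map to different names. The host data and function names are constructed, and applying the quoted GID ranges to UIDs is an assumption.

```python
# Added example; the passwd entries below are constructed, not from the thread.
RANGES = [  # boundaries as listed in the quoted message, applied to UIDs
    (0, 0, "wheel"),
    (1, 999, "system"),
    (1000, 32765, "login"),
    (32766, 32767, "nogroup/nobody"),
]
HOST_A = """root:*:0:0:Charlie &:/root:/bin/ksh
_ntp:*:83:83:NTP Daemon:/var/empty:/sbin/nologin
_nginx:*:501:501:constructed pkg user:/var/empty:/sbin/nologin
alice:*:1000:1000:Alice:/home/alice:/bin/ksh
bob:*:1001:1001:Bob:/home/bob:/bin/ksh"""
HOST_B = """root:*:0:0:Charlie &:/root:/bin/ksh
_ntp:*:83:83:NTP Daemon:/var/empty:/sbin/nologin
_nginx:*:502:502:constructed pkg user:/var/empty:/sbin/nologin
alice:*:1000:1000:Alice:/home/alice:/bin/ksh
carol:*:1001:1001:Carol:/home/carol:/bin/ksh
bob:*:1002:1002:Bob:/home/bob:/bin/ksh"""

def classify(uid):
    """Name the range a UID falls in, per the layout quoted above."""
    for lo, hi, name in RANGES:
        if lo <= uid <= hi:
            return name
    return "out-of-range"

def parse_passwd(text):
    """Return {name: uid} from passwd-format text, skipping malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users

def uid_drift(host_a, host_b):
    """Accounts on both hosts whose UID differs: (name, uid_a, uid_b, range)."""
    a, b = parse_passwd(host_a), parse_passwd(host_b)
    return [(n, a[n], b[n], classify(a[n]))
            for n in sorted(a.keys() & b.keys()) if a[n] != b[n]]

def uid_collisions(host_a, host_b):
    """UIDs owned by different names on each host: (uid, name_a, name_b).
    A backup restored by numeric UID hands these files to the wrong account."""
    a, b = parse_passwd(host_a), parse_passwd(host_b)
    b_by_uid = {uid: name for name, uid in b.items()}
    return sorted((uid, n, b_by_uid[uid]) for n, uid in a.items()
                  if uid in b_by_uid and b_by_uid[uid] != n)
```

Drift in the "system" range matches the package-install-order effect mentioned in the quoted message; drift or collisions in the "login" range are the cases that matter for backups.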