Re: about common group & user ID space (PR kern/14584)

From: Sergey Babkin (babkin@bellatlantic.net)
Date: 03/20/01 

Date: Mon, 19 Mar 2001 20:00:39 -0500
From: Sergey Babkin <babkin@bellatlantic.net>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>

Cy Schubert - ITSD Open Systems Group wrote:
>
> In message <3AB3FC38.94711FFF@bellatlantic.net>, Sergey Babkin writes:
> > All,
> >
> > I want to commit PR kern/14584. I've been told that it's good
>
> >From an operational standpoint I see one problem. Some sites use UID
> 0-999 and 65000-65535 for use by special accounts, such as www, ftp,
> oracle, etc. In some cases this policy is dictated by a desire to have
> some kind of commonality across various vendor platforms, some of which
> reserve some odd UID's and GID's for vendor supplied software or
> purposes. The only suggestion I would make is that a range could be
> specified. For example instead of vfs.commonid, vfs.commonid.low and
> vfs.commonid.high, allowing a site to, for example, reserve UID/GID's
> 10000-19999 or any other range as common ID's.

I'm not sure if it's so important: probably, normally the IDs
around 65535 are used for things like nobody/nogroup. But since
it's easy to implement, I guess it would not hurt. So I agree
with this proposal.

-SB

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Quantcast