[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Static system level uid/gid's reservations in Fedora/RHEL - how to handle situation?



Hello,
at the moment static system level uid/gid's are handled by setup package
and /usr/share/doc/setup-*/uidgid file. There is threshold of system
uid/gid's - it's uid/gid 100. Another way to reserve "static" uid/gid
reservation is http://fedoraproject.org/wiki/PackageUserRegistry ...
usable only for Fedora and only semi-static (as base id could be easily
changed).
As we are running out of the free uid/gid's in uidgid reservation file
(no free gid's in fact at the moment), it has to be solved somehow...
there are quite often requests for uidgid reservations as it increases
security in many cases...

What's the best way to handle that situation? One possibility is to
increase the threshold of system level id's (to 200? 300?), another is
to check current reservation and clean long-term unused reservations (I
doubt there are many such cases, so it's only temporary solution). Other
could be sharing groups (as static uid's are still available), but
that's not always good solution.

Any other idea or some prefered solution?

Greetings,
         Ondřej Vašík

Attachment: signature.asc
Description: Toto je digitálně podepsaná část zprávy


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]