[LEDE-DEV] convention on uid/gid for packages

Alexandru Ardelean ardeleanalex at gmail.com
Sun May 14 23:30:03 PDT 2017


On Sun, May 14, 2017 at 3:59 AM, Daniel Golle <daniel at makrotopia.org> wrote:
> Hi Val,
>
> On Sat, May 13, 2017 at 06:23:29PM -0400, Val Kulkov wrote:
>> Is there any convention on the use of uid and gid when creating new
>> users or groups? Can someone point me to it, if it exists?
>>
>> I noticed that two packages, icecast and postfix, compete for the same uid=87:
>>
>> icecast's Makefile:
>>   USERID:=icecast=87:icecast=87
>>
>> postfix's postfix.init:
>>   user_exists postfix || user_add postfix 87
>
> This looks wrong to me (user_add in the init script)...
>
>>
>> There may be more packages competing for the same uid/gid's, I have
>> not fully researched it.
>>
>> I am preparing a new package, opendkim, which should be run as a
>> non-privileged user. For this,
>> USERID:=opendkim=<something>:opendkim=<something> seems appropriate,
>> but what numbers should I assign?
>
> I ran into this issue before and believe that we should have a wiki
> page which allows registering static UIDs/GIDs, at least for the
> packages which actually need that (i.e. if a specific UID or GID is
> referenced in other packages, or scripts like firewall rules, ...).
> Grep'ing for USERID makes it very easy to automatically generate that
> list based on the currently available packages.
>
> Examples from elsewhere for inspiration:
>
> FreeBSD got those lists
> https://svnweb.freebsd.org/ports/head/UIDs?view=markup
> https://svnweb.freebsd.org/ports/head/GIDs?view=markup
>
> linuxfromscratch got a much smaller list for essential/system UIDs/GIDs
> http://linuxfromscratch.org/blfs/view/svn/postlfs/users.html
>
>
> Cheers
>

Just woke up from the weekend.
I recommend trying this out [based on lldpd]:
https://github.com/lede-project/source/blob/master/package/network/services/lldpd/Makefile#L35
We use lldpd and this seems to work; lldpd does some priv separation.

Alex

>
> Daniel