Details
- Reviewers
wblock remko bcr - Commits
- rD46514: - uid/gid identification numbers should be the same
Diff Detail
- Repository
- rD FreeBSD doc repository - subversion
- Lint
Lint Skipped - Unit
Tests Skipped
Event Timeline
The text is okay for me but it triggers a new discussion for me.
We are running out of UIDs, so we should think about reserving a new block of UIDS, e.g. 64000 and higher.
Should may be a strong word here, but I think it should be encouraged. If you're going to reserve one, reserve the other too for future usage.
It's going to get very ugly when people have to start plugging random holes to get UIDs and GIDs for their ports, and people will make mistakes as a result (see: recent conflict between dnscrypt-proxy and sguil). We can help curb that now with D2268.
Maybe it's just my OCD, but it's much more pleasant when they are identical....
| porters-handbook/special/chapter.xml | ||
|---|---|---|
| 4627 ↗ | (On Diff #4759) | This sentence is kind of unclear. "a certain user" is vague, should be something more definite like "a particular user account". Likewise, "on" can mean several things, including "logged in". Finally, "installed system" is kind of weird. Some ports require a specific user account to be present on the target system. |
| 4628 ↗ | (On Diff #4759) | s/Choose/For these ports, choose/ |
| 4631 ↗ | (On Diff #4759) | The standard form as an abbreviation for "identification" should be capitalized (in this line and the previous line). Some would say it's an acronym, but it's not, really. |
| porters-handbook/special/chapter.xml | ||
|---|---|---|
| 4 ↗ | (On Diff #4769) | The "unique" is not needed in this sentence. The way this was, the first sentence explains that some ports need particular, specific user accounts. Then the second sentence gives details about the account creation. Really, the first part should explain why a user account is needed. How about: Some ports require a particular user account to be present, usually for daemons that run as that user. For these ports... |
My point is the reason we have user names and group names that map to whatever id we want is that we don't care about the id numbers, it's the name that counts, the id are just numbers nobody but the filesystem uses.
Yes, we're running out, reserving some other range is non trivial. We would be far better off if someone would garbage collect unused ones.
Also, not all ports need a different id, for example, there are 8 uids reserved for irc servers, same goes for all dns servers, they each have one different set, they should all use only one set of uid/gid.
add me to the "make GID match UID by policy" crowd.
There is no benefit to allowing a mismatch and there is certainly a negative aspect to it. Confusion is definitely possible with standard mismatches.
Reaping IDs is just delaying the inevitable. We don't have to use a new block until the first 999 are gone, but another one should be in wings. Out of 64500 additional IDs, surely it's not that difficult to find another 1000-2000 to reserve for then.
As far as the language and markup, approved. It appears that the discussion about GID/UID does not directly affect the current content. If it does, that can be addressed with a later change.
Thanks!