Bug#402288: [Adduser-devel] Bug#402288: adduser allows UIDs < 100

Stephen Gran sgran at debian.org
Sat Dec 9 14:23:23 CET 2006 

This one time, at band camp, Tuukka Hastrup said:
> On Sat, 9 Dec 2006, Stephen Gran wrote:
> > This one time, at band camp, Tuukka Hastrup said:
> > > According to the policy, UIDs and GIDs less than 100 are the same
> > > on all Debian systems and come from the base-passwd package. The
> > > adduser man page says adduser and addgroup "are friendlier front
> > > ends to tools like useradd, groupadd and usermod programs,
> > > choosing Debian policy conformant UID and GID values --." However,
> > > the programs don't enforce this policy item or remind about it in
> > > the documentation.
> > 
> > I understand you to be saying that when you override adduser's
> > defaults, it allows you to create a user with uid < 100 ?  Is that
> > correct?
> 
> Yes, it provides mechanisms for that and doesn't inform the user of
> the consequences. That is, as adduser promises to be a friendly front
> end, it shouldn't expect the local system administrator to know the
> traps in the Debian Policy.

So, you want adduser to warn the admin that it's doing what it's been
told to do?  I'm not yett convinced, sorry.

I'm also not completely sure what actual harm comes of this, unless you
combine several willfull steps to make something go wrong.  If you can
demonstrate consequences, I think I'll be more inclined to agree that
something should be done about it.

You see, I think there's a balance between making adduser helpful to
people who don't want to have to care about policy compliant user
management, and making it a useful general purpose user management tool
for people who know the risks and still want to do unusual things.  I'm
worried this will make it more irritating for the second group, without
providing much benefit to the first group.

Take care,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran at debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20061209/b98aa920/attachment.pgp

More information about the Adduser-devel mailing list