On Mon, Jun 13, 2022 at 11:27:07AM +0200, Georges Khaznadar wrote:
> I reassigned bug #1012622 to base-passwd, in order to make constant the
> group id for crontab. I believe that the arguments provided by Johannes
> Schauer Marin Rodrigues are strong enough to propose a change.

I'm afraid I am not very convinced by this line of argument; it seems
very weak and circumstantial.  It leaves us in a position where every
package with a user or group that might conceivably end up owning files
in a system image will want to have a static ID, and there will be no
particularly good way to draw distinctions between which ones should and
which ones shouldn't.  The space of available static IDs is large
(60000-64999), but not infinite; I would much rather push back on this
proposal since otherwise there will be no incentive to come up with a
more reasonably-scalable approach.

The cases where I allocate static IDs at present are typically those
where it's important for interoperability that they be the same on all
systems, often situations involving networked filesystems and such.

> > Excellent question! So in general, it would be great if there was a
> > declarative way to allocate user and group ids at installation time, so that
> > different installation ordering by apt would not lead to different user and
> > group ids.
> > Alas, we do not have such a mechanism and talking with developers of apt and
> > dpkg revealed no easy way to create it.

Why would this be a matter for apt/dpkg, rather than for adduser?  Yes,
there have been various conversations about doing declarative user/group
creation in dpkg, but at present dynamic system users/groups are created
by adduser.

Couldn't we fairly easily add a configuration file that adduser would
read with preseeded user/group IDs for various names, and have it
preferentially use those IDs if available rather than picking
arbitrarily from the relevant ID namespace?  This certainly seems a lot
easier than adding declarative user/group creation to dpkg.

-- 
Colin Watson (he/him)                              [cjwat...@debian.org]
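
A model of the preseed-file idea raised in the message above, added here as an illustration; it is not adduser code and does not come from the author of the message. The file format, the 100-999 dynamic range, the lowest-free fallback that skips IDs reserved for other names, and the sample names and IDs other than `crontab` are all assumptions.

```python
# Added illustration, not adduser code. File format, range and sample IDs are assumptions.
SYSTEM_RANGE = range(100, 1000)  # assumed dynamic system ID range

PRESEED = """\
# constructed sample: <name> <id>
crontab 101
messagebus 102
"""

def parse_preseed(text):
    """Parse '<name> <id>' lines; reject malformed, out-of-range or duplicate entries."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 2 or not fields[1].isdigit():
            raise ValueError(f"line {lineno}: expected '<name> <id>'")
        name, ident = fields[0], int(fields[1])
        if ident not in SYSTEM_RANGE:
            raise ValueError(f"line {lineno}: id {ident} outside system range")
        if name in table or ident in table.values():
            raise ValueError(f"line {lineno}: duplicate name or id")
        table[name] = ident
    return table

def allocate(name, in_use, preseed):
    """Prefer the preseeded ID if it is free; otherwise take the lowest free ID
    that is not reserved for some other name."""
    want = preseed.get(name)
    if want is not None and want not in in_use:
        return want
    reserved = set(preseed.values())
    for candidate in SYSTEM_RANGE:
        if candidate not in in_use and candidate not in reserved:
            return candidate
    raise RuntimeError("system ID range exhausted")

def install(order, preseed):
    """Create groups in the given order on an empty system; return name -> ID."""
    assigned = {}
    for name in order:
        assigned[name] = allocate(name, set(assigned.values()), preseed)
    return assigned

if __name__ == "__main__":
    table = parse_preseed(PRESEED)
    for order in (["crontab", "messagebus", "ssl-cert"], ["ssl-cert", "messagebus", "crontab"]):
        print(order, "no preseed:", install(order, {}), "preseed:", install(order, table))
```

Without the preseed table the ID assigned to `crontab` depends on installation order; with it, both orders yield the same mapping, and a name whose preseeded ID is already taken falls back to a dynamic one.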
