Cy Schubert - ITSD Open Systems Group wrote:
>
> In message <3AB3FC38.94711FFFbellatlantic.net>, Sergey Babkin writes:
> > All,
> >
> > I want to commit PR kern/14584. I've been told that it's good
>
> >From an operational standpoint I see one problem. Some sites use UID
> 0-999 and 65000-65535 for use by special accounts, such as www, ftp,
> oracle, etc. In some cases this policy is dictated by a desire to have
> some kind of commonality across various vendor platforms, some of which
> reserve some odd UID's and GID's for vendor supplied software or
> purposes. The only suggestion I would make is that a range could be
> specified. For example instead of vfs.commonid, vfs.commonid.low and
> vfs.commonid.high, allowing a site to, for example, reserve UID/GID's
> 10000-19999 or any other range as common ID's.

I'm not sure if it's so important: probably, normally the IDs
around 65535 are used for things like nobody/nogroup. But since
it's easy to implement, I guess it would not hurt. So I agree
with this proposal.

-SB

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]