UID/GID dynamic allocation in net/isc-dhcp3-server: why?
Dmitry Pryanishnikov
dmitry at atlantis.dp.ua
Mon Nov 13 09:53:16 PST 2006
Hello!
On Mon, 13 Nov 2006, Sergey Skvortsov wrote:
>> Personally I have it precisely the other way around - I find the
>> static allocations rather annoying since they are bound to collide
>> with existing UID's at some point.
>
> I disagree because static allocation is _very_ useful when you install
> many similar applications into several jails on the same host machine.
>
> Otherwise, if you'll use dynamic *ID allocation even simple "top" on
> host machine may show very strange and inadequate results if identical
> services are running with different UIDs.
Yes, I've almost forgotten about jails. It's very important to keep the
same [ug]ids for the same installed ports in different jails. This simplifies
jail management a lot. E.g., one can uniformly allow/deny traffic for the same
port-installed applications by just writing 'pass tcp .... uid clamav'. So
yes, it seems that static [ug]id allocation is the right way to go.
> Sergey Skvortsov
> mailto: skv at FreeBSD.org
Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: dmitry at atlantis.dp.ua
nic-hdl: LYNX-RIPE
More information about the freebsd-ports
mailing list