UID/GID dynamic allocation in net/isc-dhcp3-server: why?

Simon L. Nielsen simon at FreeBSD.org
Sat Nov 11 13:05:07 PST 2006


On 2006.11.11 15:48:05 -0500, Kris Kennaway wrote:
> On Sat, Nov 11, 2006 at 09:37:31PM +0100, Simon L. Nielsen wrote:
> > On 2006.11.11 21:12:09 +0200, Dmitry Pryanishnikov wrote:
> > 
> > >  I don't like the current behaviour of the net/isc-dhcp3-server port
> > > of creating 'dhcpd' user and group using dynamic allocation instead of
> > > having a static one (as specified in /usr/ports/{U,G}IDs). I like the idea
> > > of [ug]id ranges, and dynamic allocation doesn't keep within this idea
> > > (ids of users and daemons get mixed). Is there a specific reason why there
> > > is no static [ug]id for net/isc-dhcp3-server?
> > 
> > Personally I have it precisely the other way around - I find the
> > static allocations rather annoying since they are bound to collide
> > with existing UID's at some point.
> >
> > IMO the optimal solution would be to have some magic which auto
> > assigns ports/system UID/GID's from different ranges than normal
> > users.
> 
> Just so :)
> 
> UIDs below 1000 are (and have been for many years) allocated to the
> "system" (ports/src), and are not supposed to be allocated by
> administrators.  This at least works out of the box with some of the
> tools we have for allocating new users, so are you aware of any that
> don't do this?

I know that people are not supposed to use < 1000 for normal users
and I haven't seen any FreeBSD tools which use low UID's for normal
users by default.  I don't use low UID's on new systems/sites, but
sometimes you have "old" systems/sites where that is just not the
case.  I'm certainly not saying we should bend over backwards to
support these legacy systems, I just want to point out that they do
exist.  I'm really not trying to start a big debate over static
vs. dynamic UID/GID allocations, the original mail just made it sound
to me like it was a universal truth that ports should use hardcoded
UID/GID's and it was always a good thing.

And the site where I have UID/GID's in the < 1000 range is called
FreeBSD.org :-) (we use UID/GID's from 500 and up).

-- 
Simon L. Nielsen
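
The collision this thread describes (a statically reserved daemon UID already held by a local account on a legacy site) can be checked for before a static allocation is applied. The script below is an added example, not part of the original message or of the ports tree; the function names, the sample accounts and every UID in it are constructed, and it assumes both inputs are colon-separated passwd-style files.

```shell
#!/bin/sh
# Inputs are colon-separated, passwd-style: name in field 1, UID in field 3.

# uid_collisions RESERVED PASSWD
# Prints "uid reserved_name local_name" for each UID that the reservation
# list gives to one name while the local database uses it for another.
uid_collisions() {
    awk -F: '
        /^#/ || NF < 3 { next }                       # comments, short lines
        FILENAME == ARGV[1] { reserved[$3] = $1; next }
        ($3 in reserved) && reserved[$3] != $1 { print $3, reserved[$3], $1 }
    ' "$1" "$2"
}

# legacy_low_uids RESERVED PASSWD [LIMIT]
# Prints "uid name" for local accounts below LIMIT (default 1000) whose name
# is not in the reservation list: accounts a later static UID could hit.
legacy_low_uids() {
    awk -F: -v limit="${3:-1000}" '
        /^#/ || NF < 3 { next }
        FILENAME == ARGV[1] { names[$1] = 1; next }
        $3 + 0 < limit + 0 && !($1 in names) { print $3, $1 }
    ' "$1" "$2"
}

# Constructed sample data (not real allocations from any ports tree).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/reserved" <<'EOF'
# name:pw:uid:gid:class:change:expire:gecos:home:shell
dhcpd:*:530:530::0:0:DHCP daemon:/nonexistent:/usr/sbin/nologin
exampled:*:531:531::0:0:Example daemon:/nonexistent:/usr/sbin/nologin
EOF
cat > "$demo_dir/passwd" <<'EOF'
alice:*:530:530:Alice:/home/alice:/bin/sh
exampled:*:531:531:Example daemon:/nonexistent:/usr/sbin/nologin
bob:*:1001:1001:Bob:/home/bob:/bin/sh
EOF

echo "UID collisions (uid reserved local):"
uid_collisions "$demo_dir/reserved" "$demo_dir/passwd"
echo "Unreserved accounts below 1000 (uid name):"
legacy_low_uids "$demo_dir/reserved" "$demo_dir/passwd"
```

On a site that hands out normal-user UIDs from 500 up, as in the message above, the first report shows which static reservations would silently share a UID with an existing person's files.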

