author | 2020-01-08 15:08:06 +0100 | |
---|---|---|
committer | 2020-01-08 15:08:06 +0100 | |
commit | 948bbef11c4b1dd6abe97ad90e71c0a396a9a843 (patch) | |
tree | 2c9a34611771ab771a2c48157849d735c7795d9b /user-group.rst | |
parent | Anti-eblit policy (diff) | |
User/group policy
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Diffstat (limited to 'user-group.rst')
-rw-r--r-- | user-group.rst | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/user-group.rst b/user-group.rst new file mode 100644 index 0000000..389f3b9 --- /dev/null +++ b/user-group.rst 
@@ -0,0 +1,55 @@ +Users and groups +================ + +.. index:: user +.. index:: group + +User and group account policy +----------------------------- +:Source: QA +:Reference: https://bugs.gentoo.org/702460 +:Reported: by repoman and pkgcheck (as deprecated eclass) + +All new user/group accounts must be created via `GLEP 81`_ packages. +The existing packages should be migrated on the next version bump or +major update. + +Existing and historical fixed UIDs/GIDs in range 0..499 (used +in baselayout or via user.eclass) as listed in uid-gid.txt can be reused +as-is in acct-* packages. + +UIDs and GIDs in range 0..100 are reserved for important system +accounts. New assignments in that range need to be explicitly approved +by the QA lead, in response to a justified request from the developer. + +The range 101..499 is provided for regular use by packages. +The assignments from this range follow the following rules: + +1. A developer can select an arbitrary free UID/GID from this range. + If in doubt, it is recommended to select successive numbers from 499 + downwards. + +2. Unless there is a very good reason not to, matching users and groups + should use the same number. It is acceptable to leave gaps + in assignments as a result of that. + +3. Before pushing the new acct-* packages, the developer must push + an update to uid-gid.txt adding the 'acct' entry for the desired + UID/GID. This serves as a synchronization primitive to prevent + collisions. + +Further UID/GID ranges will be open in the future as the need arises. + +*Rationale*: this is the second version of the policy for GLEP 81 +packages. It simplifies the process to aid rapid adoption of the new +system. Review requirement and pointless cross-distro syncing were +removed, in favor of a simple process of allocating the next free number +and using it. 
+ +The ranges have been chosen to delay the imminent collision between +explicitly reserved UIDs / GIDs and the ones allocated dynamically by +user.eclass (starting from 999 downwards). The lowest GID range has +been reserved for true system users and groups. + + +.. _GLEP 81: https://www.gentoo.org/glep/glep-0081.html |
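Review bot: The closing rationale paragraph says "The lowest GID range has been reserved for true system users and groups", but the policy text reserves 0..100 for both UIDs and GIDs, so this should read "lowest UID/GID range". Rule 3 also leaves the collision case open: it calls the uid-gid.txt push a synchronization primitive but does not say what the developer does when the desired number has been taken by someone else in the meantime; a sentence stating that the developer then selects another free number and updates uid-gid.txt again would close that gap. The rationale describes "allocating the next free number" while rule 1 allows an arbitrary free number and only recommends counting down from 499, so the two places should use the same wording. As a style point, "follow the following rules" reads better as "are governed by the following rules", and uid-gid.txt is referenced three times without a link or path to where it lives.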