[opensuse] System UID and GID reference list available?
Hello,
I wonder, if there is any UID and GID reference list (preferably in the form of /etc/passwd or /etc/group) available.
The background is, that from time to time I get inconsistencies in my /etc/passwd and /etc/group files.
One example: Currently the Smolt cron job on my openSUSE 11.4 does not work, because the cron job user "smolt" does not exist. I can not find any "useradd" and "groupadd" commands in the RPM scripts of Smolt. So reinstalling Smolt does not add the missing user. Now I tried to find the correct Smolt entries in a fresh openSUSE 11.4 installation. I found these lines in openSUSE 12.1 Beta 1:
/etc/passwd:smolt:x:105:106:user for smolt:/usr/share/smolt:/sbin/nologin
/etc/group:smolt:!:106:
But the UID 105 and the GID 106 are already taken by user "haldaemon" and group "polkituser" on my openSUSE 11.4 system:
haldaemon:x:105:107:User for haldaemon:/var/run/hald:/bin/false
polkituser:!:106:
I think, the UID and GID numbers are dynamically chosen. But is this really ok in all cases?
It would be nice, if there is a list of system users and system groups. Other systems have such lists. For instance FreeBSD has the /usr/ports/UIDs (for system UIDs) and /usr/ports/GIDs (for system GIDs).
Or is it really safe to use dynamic UID and GID values for system users?
Björn
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Bjoern Voigt wrote:
It would be nice, if there is a list of system users and system groups. Other systems have such lists. For instance FreeBSD has the /usr/ports/UIDs (for system UIDs) and /usr/ports/GIDs (for system GIDs).
--- Why would it be nice to have to remember such a list and reserve such numbers for applications that don't need them? Why isn't it better to use a user lookup and get the uid that way?
Or is it really safe to use dynamic UID and GID values for system users?
--- Other than 'root', I don't think any are hard coded anywhere. A few are often below 10, lp, bin, daemon, to think of a few, likely because they are among the first created, more than anything else. But, conversely, would it be secure NOT to dynamically allocate them? I.e. any number other than root could be reprovisioned to another Userid...to rely on some mapping would be 'insane'? Artificially, I try to maintain a 1:1: uid:gid mapping so I can put each service/prog into its own group, then add users to that service/group as they need or should have access. Having uid=guid for same name can simplify a mixed windows-samba site where windows maps has 1 idmap/machine that it allocates out of to uid's and gid's... spac
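Added example, not part of the thread or of any openSUSE package script: a check for the collision described above, where a passwd/group entry copied from another installation asks for IDs that are already owned locally, with a fallback to the first free system ID. The function names are hypothetical, the 100-499 system range is an assumption, and the sample files are constructed from the lines quoted in the thread plus a constructed root entry and haldaemon group line.

```python
# Constructed sample data modelled on the openSUSE 11.4 lines quoted in the thread.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
haldaemon:x:105:107:User for haldaemon:/var/run/hald:/bin/false
"""
LOCAL_GROUP = """\
root:x:0:
polkituser:!:106:
haldaemon:!:107:
"""
# Assumed system ID range; take the real one from the host's login.defs.
SYS_MIN, SYS_MAX = 100, 499


def parse_ids(text):
    """Map numeric ID -> name; the ID is field 3 in both passwd and group."""
    ids = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) > 2 and fields[2].isdigit():
            ids.setdefault(int(fields[2]), fields[0])
    return ids


def first_free(ids, lo=SYS_MIN, hi=SYS_MAX):
    """Lowest unused ID in [lo, hi], the way a dynamic allocator picks one."""
    for n in range(lo, hi + 1):
        if n not in ids:
            return n
    raise RuntimeError("system ID range exhausted")


def plan_account(name, want_uid, want_gid, passwd_text, group_text):
    """Decide which UID/GID an entry copied from another host may get here."""
    uids, gids = parse_ids(passwd_text), parse_ids(group_text)
    conflicts = []
    uid, gid = want_uid, want_gid
    if uids.get(want_uid, name) != name:      # number owned by another account
        conflicts.append(f"uid {want_uid} belongs to {uids[want_uid]}")
        uid = first_free(uids)
    if gids.get(want_gid, name) != name:      # number owned by another group
        conflicts.append(f"gid {want_gid} belongs to {gids[want_gid]}")
        gid = first_free(gids)
    return {"name": name, "uid": uid, "gid": gid, "conflicts": conflicts}


if __name__ == "__main__":
    # smolt as seen on openSUSE 12.1 Beta 1 in the thread: uid 105, gid 106
    print(plan_account("smolt", 105, 106, LOCAL_PASSWD, LOCAL_GROUP))
```

File ownership is stored by number, so pasting the 12.1 entry unchanged would make smolt and haldaemon the same owner on disk; resolving accounts by name avoids depending on any particular number.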
Linda Walsh wrote:
Artificially, I try to maintain a 1:1: uid:gid mapping so I can put each service/prog into its own group, then add users to that service/group as they need or should have access. Having uid=guid for same name can simplify a mixed windows-samba site where windows maps has 1 idmap/machine that it allocates out of to uid's and gid's... spac
It can also improve security. The default configuration in openSUSE has every user default to the users group and also makes the home directories group read and execute. This means every user can read your personal files, unless you change permissions.
On Mon, Oct 17, 2011 at 08:45:10AM -0400, James Knott wrote:
Linda Walsh wrote:
Artificially, I try to maintain a 1:1: uid:gid mapping so I can put each service/prog into its own group, then add users to that service/group as they need or should have access. Having uid=guid for same name can simplify a mixed windows-samba site where windows maps has 1 idmap/machine that it allocates out of to uid's and gid's... spac
It can also improve security. The default configuration in openSUSE has every user default to the users group and also makes the home directories group read and execute. This means every user can read your personal files, unless you change permissions.
This is privacy, not security. Just saying. Ciao, Marcus
Marcus Meissner wrote:
This is privacy, not security. Just saying.
I always thought privacy was part of security, in that you don't want unauthorized access to files.
On 10/17/2011 09:57 AM, James Knott pecked at the keyboard and wrote:
Marcus Meissner wrote:
This is privacy, not security. Just saying.
I always thought privacy was part of security, in that you don't want unauthorized access to files.
Didn't you hear? BigBrother wants everyone spying on everyone and that can't happen if I don't have access to your files. :-) -- Ken Schneider SuSe since Version 5.2, June 1998
Bjoern Voigt wrote:
Hello,
I wonder, if there is any UID and GID reference list (preferably in the form of /etc/passwd or /etc/group) available.
The background is, that from time to time I get inconsistencies in my /etc/passwd and /etc/group files.
One example: Currently the Smolt cron job on my openSUSE 11.4 does not work, because the cron job user "smolt" does not exist. I can not find any "useradd" and "groupadd" commands in the RPM scripts of Smolt. So reinstalling Smolt does not add the missing user. Now I tried to find the correct Smolt entries in a fresh openSUSE 11.4 installation. I found these lines in openSUSE 12.1 Beta 1:
/etc/passwd:smolt:x:105:106:user for smolt:/usr/share/smolt:/sbin/nologin
/etc/group:smolt:!:106:
But the UID 105 and the GID 106 are already taken by user "haldaemon" and group "polkituser" on my openSUSE 11.4 system:
haldaemon:x:105:107:User for haldaemon:/var/run/hald:/bin/false
polkituser:!:106:
I think, the UID and GID numbers are dynamically chosen. But is this really ok in all cases?
It would be nice, if there is a list of system users and system groups. Other systems have such lists. For instance FreeBSD has the /usr/ports/UIDs (for system UIDs) and /usr/ports/GIDs (for system GIDs).
Or is it really safe to use dynamic UID and GID values for system users?
Björn
Normally user IDs are assigned sequentially and users are by default part of the users group. The assigned UID & GID are listed in /etc/passwd. The Yast User and Group Management utility will display user & group IDs. You can also use it to change them, add groups etc. Normally user IDs start at 1000.
participants (5)
- Bjoern Voigt
- James Knott
- Ken Schneider - openSUSE
- Linda Walsh
- Marcus Meissner