Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/user-group.html
blob: 040a3c1beecec8f111a0b165e831dadbf5028385 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta charset="utf-8" />
    <title>Users and groups &#8212; Gentoo Policy Guide  documentation</title>
    <link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
    <script type="text/javascript" src="_static/jquery.js"></script>
    <script type="text/javascript" src="_static/underscore.js"></script>
    <script type="text/javascript" src="_static/doctools.js"></script>
    <script type="text/javascript" src="_static/language_data.js"></script>
    <link rel="index" title="Index" href="genindex.html" />
    <link rel="search" title="Search" href="search.html" />
    <link rel="prev" title="USE flags" href="use-flags.html" />
   
  <link rel="stylesheet" href="_static/custom.css" type="text/css" />
  
  
  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />

  </head><body>
  

    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          

          <div class="body" role="main">
            
  <div class="section" id="users-and-groups">
<h1>Users and groups<a class="headerlink" href="#users-and-groups" title="Permalink to this headline"></a></h1>
<span class="target" id="index-0"></span><div class="section" id="user-and-group-account-policy">
<span id="index-1"></span><h2>User and group account policy<a class="headerlink" href="#user-and-group-account-policy" title="Permalink to this headline"></a></h2>
<dl class="field-list simple">
<dt class="field-odd">Source</dt>
<dd class="field-odd"><p>QA</p>
</dd>
<dt class="field-even">Reference</dt>
<dd class="field-even"><p><a class="reference external" href="https://bugs.gentoo.org/702460">https://bugs.gentoo.org/702460</a></p>
</dd>
<dt class="field-odd">Reported</dt>
<dd class="field-odd"><p>by repoman and pkgcheck (as deprecated eclass)</p>
</dd>
</dl>
<p>All new user/group accounts must be created via <a class="reference external" href="https://www.gentoo.org/glep/glep-0081.html">GLEP 81</a> packages.
The existing packages should be migrated on the next version bump or
major update.</p>
<p>Existing and historical fixed UIDs/GIDs in range 0..499 (used
in baselayout or via user.eclass) as listed in uid-gid.txt can be reused
as-is in acct-* packages.</p>
<p>UIDs and GIDs in range 0..100 are reserved for important system
accounts.  New assignments in that range need to be explicitly approved
by the QA lead, in response to a justified request from the developer.</p>
<p>The range 101..499 is provided for regular use by packages.
The assignments from this range follow the following rules:</p>
<ol class="arabic simple">
<li><p>A developer can select an arbitrary free UID/GID from this range.
If in doubt, it is recommended to select successive numbers from 499
downwards.</p></li>
<li><p>Unless there is a very good reason not to, matching users and groups
should use the same number.  It is acceptable to leave gaps
in assignments as a result of that.</p></li>
<li><p>Before pushing the new acct-* packages, the developer must push
an update to uid-gid.txt adding the ‘acct’ entry for the desired
UID/GID.  This serves as a synchronization primitive to prevent
collisions.</p></li>
</ol>
<p>Further UID/GID ranges will be open in the future as the need arises.</p>
<p><em>Rationale</em>: this is the second version of the policy for GLEP 81
packages.  It simplifies the process to aid rapid adoption of the new
system.  Review requirement and pointless cross-distro syncing were
removed, in favor of a simple process of allocating the next free number
and using it.</p>
<p>The ranges have been chosen to delay the imminent collision between
explicitly reserved UIDs / GIDs and the ones allocated dynamically by
user.eclass (starting from 999 downwards).  The lowest GID range has
been reserved for true system users and groups.</p>
</div>
</div>


          </div>
          
        </div>
      </div>
      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
        <div class="sphinxsidebarwrapper">
<h1 class="logo"><a href="index.html">Gentoo Policy Guide</a></h1>








<h3>Navigation</h3>
<p class="caption"><span class="caption-text">Contents:</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="preface.html">Preface</a></li>
<li class="toctree-l1"><a class="reference internal" href="motivation.html">Motivation and history</a></li>
<li class="toctree-l1"><a class="reference internal" href="basics.html">Basic information</a></li>
<li class="toctree-l1"><a class="reference internal" href="other-docs.html">Other policy documents</a></li>
<li class="toctree-l1"><a class="reference internal" href="dependencies.html">Dependencies</a></li>
<li class="toctree-l1"><a class="reference internal" href="ebuild-format.html">Ebuild file format</a></li>
<li class="toctree-l1"><a class="reference internal" href="filesystem.html">File system layout</a></li>
<li class="toctree-l1"><a class="reference internal" href="installed-files.html">Installed files</a></li>
<li class="toctree-l1"><a class="reference internal" href="keywords.html">Keywording and stabilization</a></li>
<li class="toctree-l1"><a class="reference internal" href="languages.html">Language-specific policies</a></li>
<li class="toctree-l1"><a class="reference internal" href="other-metadata.html">Other metadata variables</a></li>
<li class="toctree-l1"><a class="reference internal" href="use-flags.html">USE flags</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">Users and groups</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#user-and-group-account-policy">User and group account policy</a></li>
</ul>
</li>
</ul>

<div class="relations">
<h3>Related Topics</h3>
<ul>
  <li><a href="index.html">Documentation overview</a><ul>
      <li>Previous: <a href="use-flags.html" title="previous chapter">USE flags</a></li>
  </ul></li>
</ul>
</div>
<div id="searchbox" style="display: none" role="search">
  <h3 id="searchlabel">Quick search</h3>
    <div class="searchformwrapper">
    <form class="search" action="search.html" method="get">
      <input type="text" name="q" aria-labelledby="searchlabel" />
      <input type="submit" value="Go" />
    </form>
    </div>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>








        </div>
      </div>
      <div class="clearer"></div>
    </div>
    <div class="footer">
      &copy;2020, Gentoo Authors.
      
      |
      Powered by <a href="http://sphinx-doc.org/">Sphinx 2.3.1</a>
      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a>
      
      |
      <a href="_sources/user-group.rst.txt"
          rel="nofollow">Page source</a>
    </div>

    

    
  </body>
</html>