Bug 122046 - users and group existing and standards in /etc/passwd
Summary: users and group existing and standards in /etc/passwd
Status: RESOLVED WORKSFORME
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] baselayout
Hardware: All Linux
Importance: High normal
Assignee: Gentoo's Team for Core System packages
Reported: 2006-02-07 14:44 UTC by William L. Thomson Jr. (RETIRED)
Modified: 2006-02-07 16:50 UTC
Description William L. Thomson Jr. (RETIRED) gentoo-dev 2006-02-07 14:44:23 UTC
Not sure where it falls exactly. It seems that users and groups exist by default that might not need to be there. From a security standpoint that could be bad, even if they are dead accounts. Mostly to applications that may never be installed.

On a related but different note it seems a lot of packages add common users and groups. Without specifying or conforming to any uid/gid standard or format. Causing differences among the same application on different machines.

Not sure if one exists, and packages just do not follow it. Or if it's done this way for security. Seems as if a standard or format should be created. If for nothing else than to be part of the Gentoo system or way of doing things.

Now I could understand in a way if different uid/gid was done that way for security purposes. Maybe for conflict purposes with existing uid/gid. However conflicts can be resolved by conforming to the "standard".

However, if the uid/gid thing (just add user don't specify uid/gid via portage) is a security feature. Having users and groups exist for apps that are not installed or otherwise is sort of a direct contradiction. First they do not need to be there. Second they are conforming to the same uid/gid on all machines.

If a plan, standard, format, whatever it is to be called is not in the works or exists, might be a good idea to come up with one and implement it ASAP. For both security, and ease of administration across multiple machines with similar applications.

Just some thoughts, open for comment, debate, final decision, etc.
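
One way to check for the cross-machine differences described above, as an added example that is not part of the original report: it compares passwd(5) files collected from several hosts and flags account names whose uid differs, uids that belong to different accounts, and accounts present on only some hosts. The host names and passwd contents are constructed sample data, and all function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample /etc/passwd contents for two hypothetical hosts.
HOSTS = {
    "web1": "root:x:0:0:root:/root:/bin/bash\n"
            "apache:x:81:81:apache:/var/www:/sbin/nologin\n"
            "mysql:x:60:60:mysql:/var/lib/mysql:/sbin/nologin\n"
            "games:x:35:35:games:/usr/games:/bin/false\n",
    "web2": "root:x:0:0:root:/root:/bin/bash\n"
            "mysql:x:81:81:mysql:/var/lib/mysql:/sbin/nologin\n"
            "apache:x:102:102:apache:/var/www:/sbin/nologin\n",
}

def parse_passwd(text):
    """Return {name: uid} from passwd(5) text; skip comments and malformed lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue
        accounts[fields[0]] = int(fields[2])
    return accounts

def _conflicts(hosts, by_uid):
    """Group accounts by name (or by uid) and keep keys whose value differs per host."""
    seen = defaultdict(dict)
    for host, text in hosts.items():
        for name, uid in parse_passwd(text).items():
            key, val = (uid, name) if by_uid else (name, uid)
            seen[key][host] = val
    return {k: m for k, m in seen.items() if len(set(m.values())) > 1}

def uid_drift(hosts):
    """Same account name, different uid across hosts: {name: {host: uid}}."""
    return _conflicts(hosts, by_uid=False)

def uid_collisions(hosts):
    """Same uid, different account name across hosts: {uid: {host: name}}."""
    return _conflicts(hosts, by_uid=True)

def partial_accounts(hosts):
    """Accounts absent from at least one host: {name: [hosts that have it]}."""
    parsed = {h: parse_passwd(t) for h, t in hosts.items()}
    return {n: sorted(h for h in parsed if n in parsed[h])
            for n in set().union(*parsed.values())
            if not all(n in p for p in parsed.values())}

if __name__ == "__main__":
    for check in (uid_drift, uid_collisions, partial_accounts):
        print(check.__name__, check(HOSTS))
```

A uid collision is the case to look at first: files on shared storage or in a restored backup that are owned by that uid belong to a different service account on each host.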
Comment 1 SpanKY gentoo-dev 2006-02-07 16:50:35 UTC
> Not sure where it falls exactly. It seems that users and groups exist by
> default that might not need to be there.

this has already been taken care of for the most part and more users/groups are continually cut out from the base-system package

> On a related but different note it seems a lot of packages add common users and
> groups. Without specifying or conforming to any uid/gid standard or format.

i don't know what sort of standard or format you're looking for, but i already wrote a glep to cover this:
http://www.gentoo.org/proj/en/glep/glep-0027.html