Bug 701310 - apache-2.eclass: --suexec-uidmin=1000 is unreasonable and causes problems for service accounts
Summary: apache-2.eclass: --suexec-uidmin=1000 is unreasonable and causes problems for...
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Eclasses
Hardware: All Linux
Importance: Normal normal
Assignee: Apache Team - Bugzilla Reports
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-11-27 10:28 UTC by Michał Górny
Modified: 2022-06-29 07:04 UTC

See Also:
Package list:
Runtime testing required: ---
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-11-27 10:28:34 UTC
The eclass currently has:

  MY_CONF+=( --with-suexec-uidmin=${SUEXEC_MINUID:-1000} )

The default value of 1000 means trouble for service users.  In fact, I've found at least two packages (mail-filter/dspam, www-apps/rt) that reinvent user.eclass logic to force UID >= 1000.

I did some investigation and couldn't find any rationale for this.  Originally, net-www/apache used minuid/mingid 96.  This was changed in 2002 to 1000/1000:

+  9 Apr 2002; Donny Davies <woodchip@gentoo.org> apache-1.3.24-r1.ebuild :
+
+  Massive port rewrite! Borrowed many ideas/pieces from abroad, but mostly Mandrake :)

Sadly, the commit message doesn't indicate any specific reason for the change.  I suspect it might have been one of the things 'borrowed'.  Afterwards, mingid was changed to 100 as a result of bug #2682.

If there's really no good reason to use 1000 here, I would suggest changing it back to upstream default 100, so the relevant packages could reserve UIDs in the GLEP 81 permitted range.
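As an added illustration (not part of the bug report or the eclass), the script below mirrors the minimum-UID check that suexec applies to the target user and lists which accounts in a constructed passwd sample would be refused under the current default of 1000 versus the proposed upstream default of 100. The account names and UIDs are made up for the example.

```shell
#!/bin/sh
# Constructed sample passwd data (not from the bug report): service accounts
# with UIDs below 1000 plus one regular user with UID 1000.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
apache:x:81:81:added by portage for apache:/var/www:/sbin/nologin
dspam:x:140:140:added by portage for dspam:/var/spool/dspam:/sbin/nologin
rt:x:160:160:added by portage for rt:/var/lib/rt:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash'

# Print, space-separated and in passwd order, the accounts whose UID is below
# the given minimum, i.e. the users suexec would refuse to switch to when
# built with --with-suexec-uidmin=<minimum>. The optional second argument
# supplies passwd-format data; it defaults to the constructed sample above.
suexec_denied_users() {
    minuid=$1
    passwd=${2:-$SAMPLE_PASSWD}
    printf '%s\n' "$passwd" | awk -F: -v min="$minuid" '
        ($3 + 0) < (min + 0) { out = out (out == "" ? "" : " ") $1 }
        END { print out }'
}

# Compare the eclass default (1000) with the upstream default (100).
main() {
    for min in 1000 100; do
        printf 'SUEXEC_MINUID=%s denies: %s\n' "$min" "$(suexec_denied_users "$min")"
    done
}

main
```

Running the same function against the real /etc/passwd (pass `"$(cat /etc/passwd)"` as the second argument) shows which existing service accounts would be affected by either setting before the default is changed.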
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-11-28 16:08:47 UTC
<Polynomial-C> mgorny: feel free to fix it...

Does anyone else have any opinion on this?  I haven't used Apache for a few years now, so I'd prefer not to make the decision myself.

Also, should we issue a news item for it?  I suppose this may impact security.