Some ebuilds that create new system accounts do it correctly, but its corresponding group is created as a normal group instead as a system group. Because of it, uid and gid don't match.
The file /etc/login.defs sets the range for normal and system UID and GID. Definitions are UID_MIN, UID_MAX, SYS_UID_MIN and SYS_UID_MAX (idem for GID).
I've verified this behaviour with packages: sys-apps/dbus-1.2.3-r1 (group messagebus), sys-apps/hal-0.5.11-r4 (haldaemon,plugdev), net-dns/avahi-0.6.24 (avahi,netdev), gnome-base/gdm-2.20.8 (gdm) and app-emulation/kvm-81 (kvm).
Steps to Reproduce:
1. Install any of the packages specified on the description field.
Groups for system services are created as normal groups: their assigned GID belong to the normal group range (1000-60000 by default).
Groups for system services should honour the settings in /etc/login.defs: SYS_GID_MIN and SYS_GID_MAX (whose default values are: 100-999).
This bug has some implications:
-From now on, no user or system account's uid will match with its gid.
-System groups use the normal group account range, and thus making it shorter than the user account range. (You may have room for new uid but not for gid)
-It's more difficult to tell which groups are user related and which are system related.
-It's plain weird and confusing, Gentoo is the only linux distro I've found to perform like this.
To sum up, this makes user administration more difficult.
Note that not all packages perform like this and some do it right, like net-misc/ntp or net-nds/portmap.
Created attachment 177373 [details]
elog for sys-apps/hal installation.
Created attachment 177374 [details]
elog for net-misc/ntp.
I've attached a couple of elogs. One for an incorrect system group creation (sys-apps/hal) and another for a good one (net-misc/ntp).
QA: Please verify the validity of this bug report. If it's valid, then we should turn this into a tracker bug and open separate bug reports per package.
ntp has the uid/gid hardcoded which is why you think it "worked". enewuser adds users between 100 and 1000, but enewgroup does not.
(In reply to comment #5)
> ntp has the uid/gid hardcoded which is why you think it "worked". enewuser
> adds users between 100 and 1000, but enewgroup does not.
Then enewgroup default behaviour should be changed to create system groups by default, shouldn't it? Is there a reason for an ebuild to create normal user/group accounts? Specially when enewuser already creates system user accounts.
Also, it's a problem that some ebuilds have the UID/GID hardcoded. Either ALL should be hardcoded or NONE. Mixing hardcoded and sequential can create "collisions". What if I install 124 services (with their respective sequential system accounts) and then I emerge ntp (which has GID 123 hardcoded)?
Is there a reason for some uid/gid pairs to be hardcoded?
i was only commenting on current enewgroup behavior. it probably should be changed as you suggest.
as for your other comments, no, nothing is going to change today with how UIDs are managed. everything is being done with Bug 53269 (which more than covers everything you've said).
(In reply to comment #7)
> i was only commenting on current enewgroup behavior. it probably should be
> changed as you suggest.
> as for your other comments, no, nothing is going to change today with how UIDs
> are managed. everything is being done with Bug 53269 (which more than covers
> everything you've said).
Thanks for pointing that interesting bug link. I may ask a few questions there.
BTW, I've found this:
Notice that it says nothing on GIDs, but it's expected that the same rules apply. Or at least, that's how other linux distros do it.
we dont particularly care about LSB. it's an indicator show how some other people might approach the issue, but we do not force anything in Gentoo to follow it in any way.
Seems letting this discussion happen in bug #53269 is better
*** This bug has been marked as a duplicate of bug 53269 ***