mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-25 16:33:15 +00:00
nixos/ids: explain *why* uids/gids shouldn't be above "399" (#353954)
This commit is contained in:
commit
97dd718fd0
@ -356,7 +356,24 @@ in
|
|||||||
localtimed = 325;
|
localtimed = 325;
|
||||||
automatic-timezoned = 326;
|
automatic-timezoned = 326;
|
||||||
|
|
||||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
# When adding a uid, make sure it doesn't match an existing gid.
|
||||||
|
#
|
||||||
|
# !!! Don't use uids above "399"! !!!
|
||||||
|
#
|
||||||
|
# The reason behind this restriction is that, NixOS by default allocates
|
||||||
|
# system user UIDs/GIDs in the range of `400..999`. System users/groups
|
||||||
|
# created using command like `useradd` will have UID and GID in this range[1].
|
||||||
|
#
|
||||||
|
# If a newly added ID goes beyond "399", it may conflict with existing
|
||||||
|
# system user or group of the same id in someone else's NixOS.
|
||||||
|
# This could break their system and make that person upset for a whole day.
|
||||||
|
#
|
||||||
|
# Sidenote: the default is defined in `shadow` module[2], and the relavent change
|
||||||
|
# was made way back in 2014[3].
|
||||||
|
#
|
||||||
|
# [1]: https://man7.org/linux/man-pages/man5/login.defs.5.html#:~:text=SYS_UID_MAX%20(number)%2C%20SYS_UID_MIN%20(number)
|
||||||
|
# [2]: <nixos/modules/programs/shadow.nix>
|
||||||
|
# [3]: https://github.com/NixOS/nixpkgs/commit/0e23a175de3687df8232fe118cbe87f04228ff28
|
||||||
|
|
||||||
nixbld = 30000; # start of range of uids
|
nixbld = 30000; # start of range of uids
|
||||||
nobody = 65534;
|
nobody = 65534;
|
||||||
@ -669,7 +686,24 @@ in
|
|||||||
|
|
||||||
# When adding a gid, make sure it doesn't match an existing
|
# When adding a gid, make sure it doesn't match an existing
|
||||||
# uid. Users and groups with the same name should have equal
|
# uid. Users and groups with the same name should have equal
|
||||||
# uids and gids. Also, don't use gids above 399!
|
# uids and gids.
|
||||||
|
#
|
||||||
|
# !!! Don't use gids above "399"! !!!
|
||||||
|
#
|
||||||
|
# The reason behind this restriction is that, NixOS by default allocates
|
||||||
|
# system user UIDs/GIDs in the range of `400..999`. System users/groups
|
||||||
|
# created using command like `useradd` will have UID and GID in this range[1].
|
||||||
|
#
|
||||||
|
# If a newly added ID goes beyond "399", it may conflict with existing
|
||||||
|
# system user or group of the same id in someone else's NixOS.
|
||||||
|
# This could break their system and make that person upset for a whole day.
|
||||||
|
#
|
||||||
|
# Sidenote: the default is defined in `shadow` module[2], and the relavent change
|
||||||
|
# was made way back in 2014[3].
|
||||||
|
#
|
||||||
|
# [1]: https://man7.org/linux/man-pages/man5/login.defs.5.html#:~:text=SYS_UID_MAX%20(number)%2C%20SYS_UID_MIN%20(number)
|
||||||
|
# [2]: <nixos/modules/programs/shadow.nix>
|
||||||
|
# [3]: https://github.com/NixOS/nixpkgs/commit/0e23a175de3687df8232fe118cbe87f04228ff28
|
||||||
|
|
||||||
# For exceptional cases where you really need a gid above 399, leave a
|
# For exceptional cases where you really need a gid above 399, leave a
|
||||||
# comment stating why.
|
# comment stating why.
|
||||||
|
Loading…
Reference in New Issue
Block a user