Package: adduser
Version: 3.100

According to the policy, UIDs and GIDs less than 100 are the same on all Debian systems and come from the base-passwd package. The adduser man page says adduser and addgroup "are friendlier front ends to tools like useradd, groupadd and usermod programs, choosing Debian policy conformant UID and GID values --." However, the programs don't enforce this policy item or remind about it in the documentation.

The consequences of this bug in the worst case are the consequences of having non-conformant IDs on the system. Those in turn depend on the assumptions made based on the policy item.

I propose the following changes:

1. When adduser or addgroup is going to add an id < 100, it prints a warning message about policy to stderr: "Warning! According to Debian Policy, system administrators shouldn't create UIDs < 100."
2. The adduser man page excerpt says "by default choosing" instead of "choosing".
3. /etc/adduser.conf and the adduser.conf man page include in their documentation of FIRST_SYSTEM_UID the note: "Please note that system software may assume that UIDs less than 100 are unallocated."

-- 
-- Trying to catch me? Just follow up my Electric Fingerprints
-- To help you: Tuukka.Hastrup@iki.fi http://www.iki.fi/Tuukka.Hastrup/
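Added example, not part of the thread or of adduser: the condition the report describes (an ID below 100 that does not come from base-passwd) can be audited after the fact by comparing a passwd- or group-format file against a reference list. The function names and the sample entries are constructed for illustration; the `passwd.master` path in the comment assumes the layout of Debian's base-passwd package.

```shell
#!/bin/sh
# audit_low_ids LOCAL MASTER [LIMIT]
# Prints "name:id" for every entry in LOCAL (passwd or group format, ID in
# field 3) whose ID is below LIMIT and whose name:id pair is not in MASTER.
audit_low_ids() {
    local_file=$1 master_file=$2 limit=${3:-100}
    awk -F: -v limit="$limit" '
        # Reference file: remember each name:id pair it defines.
        FILENAME == ARGV[1] { known[$1 ":" $3] = 1; next }
        # Local file: skip comments, NIS +/- entries and short lines.
        /^[#+-]/ || NF < 3 { next }
        # Flag low numeric IDs that the reference list does not account for.
        $3 ~ /^[0-9]+$/ && $3 + 0 < limit && !(($1 ":" $3) in known) {
            print $1 ":" $3
        }
    ' "$master_file" "$local_file"
}

# Constructed sample data so the check runs on any machine.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    # Stand-in for the reference list (constructed, two entries only).
    printf '%s\n' \
        'root:*:0:0:root:/root:/bin/bash' \
        'daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin' > "$tmp/master"
    # Local file: daemon renumbered to 7, backupsvc hand-created with UID 42,
    # alice is an ordinary user outside the reserved range.
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:7:1:daemon:/usr/sbin:/usr/sbin/nologin' \
        'backupsvc:x:42:42::/var/backups:/bin/sh' \
        'alice:x:1000:1000::/home/alice:/bin/bash' > "$tmp/passwd"
    audit_low_ids "$tmp/passwd" "$tmp/master"
    rm -rf "$tmp"
}

# On a Debian system (assumed base-passwd layout):
#   audit_low_ids /etc/passwd /usr/share/base-passwd/passwd.master
demo_audit
```

The same function works for groups, since `/etc/group` also carries the numeric ID in its third field.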
Stephen Gran
2006-Dec-09 13:57 UTC
Bug#402288: [Adduser-devel] Bug#402288: adduser allows UIDs < 100
This one time, at band camp, Tuukka Hastrup said:

> According to the policy, UIDs and GIDs less than 100 are the same on all
> Debian systems and come from the base-passwd package. The adduser man page
> says adduser and addgroup "are friendlier front ends to tools like
> useradd, groupadd and usermod programs, choosing Debian policy conformant
> UID and GID values --." However, the programs don't enforce this policy
> item or remind about it in the documentation.

I understand you to be saying that when you override adduser's defaults, it allows you to create a user with uid < 100? Is that correct?

-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
Tuukka Hastrup
2006-Dec-09 13:58 UTC
Bug#402288: [Adduser-devel] Bug#402288: adduser allows UIDs < 100
On Sat, 9 Dec 2006, Stephen Gran wrote:

> This one time, at band camp, Tuukka Hastrup said:
> > According to the policy, UIDs and GIDs less than 100 are the same on all
> > Debian systems and come from the base-passwd package. The adduser man page
> > says adduser and addgroup "are friendlier front ends to tools like
> > useradd, groupadd and usermod programs, choosing Debian policy conformant
> > UID and GID values --." However, the programs don't enforce this policy
> > item or remind about it in the documentation.
>
> I understand you to be saying that when you override adduser's
> defaults, it allows you to create a user with uid < 100? Is that
> correct?

Yes, it provides mechanisms for that and doesn't inform the user of the consequences. That is, as adduser promises to be a friendly front end, it shouldn't expect the local system administrator to know the traps in the Debian Policy.

-- 
-- Trying to catch me? Just follow up my Electric Fingerprints
-- To help you: Tuukka.Hastrup@iki.fi http://www.iki.fi/Tuukka.Hastrup/
Stephen Gran
2006-Dec-09 14:38 UTC
Bug#402288: [Adduser-devel] Bug#402288: adduser allows UIDs < 100
This one time, at band camp, Tuukka Hastrup said:

> On Sat, 9 Dec 2006, Stephen Gran wrote:
> > This one time, at band camp, Tuukka Hastrup said:
> > > According to the policy, UIDs and GIDs less than 100 are the same
> > > on all Debian systems and come from the base-passwd package. The
> > > adduser man page says adduser and addgroup "are friendlier front
> > > ends to tools like useradd, groupadd and usermod programs,
> > > choosing Debian policy conformant UID and GID values --." However,
> > > the programs don't enforce this policy item or remind about it in
> > > the documentation.
> >
> > I understand you to be saying that when you override adduser's
> > defaults, it allows you to create a user with uid < 100? Is that
> > correct?
>
> Yes, it provides mechanisms for that and doesn't inform the user of
> the consequences. That is, as adduser promises to be a friendly front
> end, it shouldn't expect the local system administrator to know the
> traps in the Debian Policy.

So, you want adduser to warn the admin that it's doing what it's been told to do? I'm not yet convinced, sorry. I'm also not completely sure what actual harm comes of this, unless you combine several willful steps to make something go wrong. If you can demonstrate consequences, I think I'll be more inclined to agree that something should be done about it.

You see, I think there's a balance between making adduser helpful to people who don't want to have to care about policy compliant user management, and making it a useful general purpose user management tool for people who know the risks and still want to do unusual things. I'm worried this will make it more irritating for the second group, without providing much benefit to the first group.

Take care,

-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
Debian Bug Tracking System
2006-Dec-23 13:43 UTC
[Adduser-devel] Bug#402288: marked as done (adduser allows UIDs < 100)
Your message dated Sat, 23 Dec 2006 12:02:02 +0000 with message-id <E1Gy5Zi-00012X-Ll@ries.debian.org> and subject line Bug#402288: fixed in adduser 3.101 has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

-------------- next part --------------
An embedded message was scrubbed...
From: Tuukka Hastrup <Tuukka.Hastrup@iki.fi>
Subject: adduser allows UIDs < 100
Date: Sat, 9 Dec 2006 13:35:45 +0200 (EET)
Size: 2869
Url: http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20061223/60f421a8/attachment.mht

-------------- next part --------------
An embedded message was scrubbed...
From: Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Bug#402288: fixed in adduser 3.101
Date: Sat, 23 Dec 2006 12:02:02 +0000
Size: 3379
Url: http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20061223/60f421a8/attachment-0001.mht