At 05:58 PM 11/11/2003 +0100, you wrote: > >What about generating a root group with mkgroup -l by default? > > root:S-1-5-32-544:0: > >The question is then, should it *also* generate an administrators entry > > Administrators:S-1-5-32-544:544: > >or should it generate the "root" entry *instead* of the administrators >entry?
You can add exim as another affected package. Obviously I am for maintaining compatibility with existing installations (544 must work), some of which still have Everybody with gid 0 (using 0 as mapping to S-1-5-32-544 is risky). Note that if a file has group S-1-5-32-544 and this is also the primary group of a user, then stat() will report the file gid as the gid of the user in the /etc/passwd file (due to caching). This could be 544 (e.g. when running as SYSTEM with existing password files) or 0 (with the new root user, with gid 0), independently of /etc/group. This indeterminacy might cause headaches during the transition period, it's hard to foresee all ramifications. This being said, exim shouldn't care as long as 544 maps to S-1-5-32-544. It autodetects if it is privileged and, if so, setgid(544) & setuid(18) to normalize its environment (that was done with Windows 2003 in mind). However the current exim-config script will produce warnings if 544 appears after 0 (I will modify it to learn the Admins gid). In summary, no problem (AFAICS) if 544 appears before 0. I need a decent transition period before you reverse the order (affects only new exim installs), and a long one before you get rid of 544 (affects existing installations). Pierre