kubewarden / user-group-psp-policy

This Kubewarden Policy is a replacement for the Kubernetes Pod Security Policy that controls containers' users and groups
https://kubewarden.io
Apache License 2.0

why does userid have to be >1000 #4

Closed chrisns closed 2 years ago

chrisns commented 2 years ago

Given this is a PSP replacement, I'm not sure why this additional validation needs to exist?

https://github.com/kubewarden/user-group-psp-policy/blob/e0bcc1f918f26d1790be3cd72993c4f6061ff9fa/src/settings.rs#L33-L42

viccuad commented 2 years ago

I am not the original author of the policy, but some of those are conventions that several Linux distributions follow; openSUSE, Debian and RHEL all reserve userids < 1000. And I know that the user nobody is 65534 in Fedora and Debian, at least.

For a list of conventions, the best that I have been able to find is the rules in Debian Policy.

chrisns commented 2 years ago

I accept it's a convention, but I don't see why that convention has crept into a validation in the policy; ultimately they're arbitrary numbers. I should at least be able to bypass this check, IMHO.

chrisns commented 2 years ago

closed by #5