On 1/8/14, 10:51 AM, Shaw, Ray V CTR USARMY ARL (US) wrote:Great question. Yes, they'll default to 1000 and the RHEL7 STIG will reflect. Feel free to send in a patch if you're so inclined :)
Classification: UNCLASSIFIED
Caveats: NONE
https://lists.fedoraproject.org/pipermail/devel/2011-May/151663.html
Will UID_MIN and GID_MIN default to 1000 in RHEL7 as well? I have not had (and do not have, sadly) time to check out the RHEL7 beta, but a quick search of several of the documentation pages didn't mention this. I would imagine so, given things like:
https://bugzilla.redhat.com/show_bug.cgi?id=907312
If so, should we expect the STIG for RHEL7 to reflect this, counting everything 1000 and below as a "system" account/group for relevant rules? Just trying to get a head start on potentially necessary UID/GID changes.
Admittedly things will get interesting in legacy environments which support both RHEL6 and RHEL7. As RHEL7 progresses we'll make note of this... perhaps issue some kind of "RHEL6 to RHEL7 migration issues" FAQ.
_______________________________________________
scap-security-guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide