1 |
On Monday, November 28, 2016 02:39:48 PM William L. Thomson Jr. wrote: |
2 |
> On Monday, November 28, 2016 10:42:54 AM EST Alec Warner wrote: |
3 |
> > Generally speaking as a fellow who maintained thousands of systems (many |
4 |
> > of |
5 |
> > which ran various operating systems.) |
6 |
> > |
7 |
> > You cannot rely on all OS vendors to synchronize uid / gid. You cannot |
8 |
> > even |
9 |
> > rely on some single vendors to synchronize uid / gids between releases of |
10 |
> > their own products. |
11 |
> |
12 |
> I believe the main reason such is the case is a lack of any such list or |
13 |
> database for others to adhere to. Once again an area Gentoo could be |
14 |
> leading. Had Gentoo done this years ago others might have adopted. |
15 |
> |
16 |
> IMHO it is something that should be a part of LSB. If not POSIX in general. |
17 |
> One cannot really change the past or current state of things. But can make |
18 |
> the future better. |
19 |
|
20 |
Highly detailed lists like that--used as a broad standard--are a bad idea. |
21 |
They represent a single synchronization point that everyone must adhere to. |
22 |
|
23 |
That means that every prospective adjustment to the list requires active |
24 |
maintenance. That means that for every new daemon someone writes, they have to |
25 |
go through an admissions process. For every contentious fork of a project, you |
26 |
risk conflict over who the designated contact for the assignment should be. |
27 |
|
28 |
It adds a large bureaucratic load on everyone. Every itch some developer |
29 |
thinks about scratching has to be weighed against engaging with some process- |
30 |
laden entity. Maybe they'll participate, but they likely won't. |
31 |
|
32 |
Have you watched the IANA ports assignment registry over the years? Consider |
33 |
how many services and tools you've seen that *don't* respect it. |
34 |
|
35 |
And what is the list managing? A limited namespace, currently only 32 bits, |
36 |
but with tools like, say, Samba and sssd reserving large chunks for stable UID |
37 |
and GID mapping. One could argue that a stable list could obviate the need for |
38 |
some of that mapping, but you've got decades-old existing networks that aren't |
39 |
going anywhere, and you'll still need to interface with systems run by people |
40 |
who will deliberately run counter to such lists as a security layer, just as |
41 |
you interface with systems that run SSH or HTTP on nonstandard ports. |
42 |
|
43 |
You'll still run into all of these issues and more if you try generalize the |
44 |
list to region allocation: |
45 |
|
46 |
Say you try to assign regions for system daemons vs users, and you're on a |
47 |
host that interacts with two other hosts without full mutual trust. You're |
48 |
serving up a shared filesystem, and all three involved hosts each have a system |
49 |
daemon user and a system normal user with an object on that shared filesystem. |
50 |
|
51 |
Presented with a directory listing showing the UIDs and GIDs for each object, |
52 |
how do you distinguish between the system user from each host? The two hosts |
53 |
shouldn't have access to each others' files, even if they use the same UID |
54 |
locally, because the two hosts don't trust each other. |
55 |
|
56 |
That considered, how, then, how do you identify between another host's system |
57 |
user and its normal user, inasmuch as you can't let them collide with IDs on |
58 |
your own system, but are trying to ensure that their IDs get mapped into the |
59 |
correct local range? |
60 |
|
61 |
That considered, what do you do when the Big List Maintainers add another |
62 |
region? How do you cope with another host that uses a newer version of that |
63 |
list? An older version? And now that you've upgraded, and the new version of |
64 |
the list says you should have mapped something somewhere else, what do you do |
65 |
with it? Do you even have enough information to know that an ID you mapped |
66 |
last year should have been in that other category? |
67 |
|
68 |
And while we're talking about allocating ranges, we can start talking about |
69 |
limited address space. 32 bits seems like a lot of individual identities, but |
70 |
when you're carving it up into multiple masses of identities, you'll find it |
71 |
gets very small, very quickly. That's why IPv6 went with 128 bits instead of a |
72 |
64 bit address space. |
73 |
|
74 |
All of this is why we use identity management tools like LDAP in the first |
75 |
place. Heck, it's why we have passwd and group files for mapping names to ids |
76 |
and didn't simply hardcode system IDs decades ago. |
77 |
|
78 |
-- |
79 |
:wq |