On Fri, 27 Jan 2017 18:37:52 -0800
Patrick McLean <chutzpah@g.o> wrote:

> I don't think we need to have stable UIDs/GIDs in the "normal" case of
> standalone users with a single Gentoo system at home. The people who
> need predictable UIDs/GIDs are the "enterprise" users or the home users
> who use things such as NFS. I work for a company that uses Gentoo, we
> have a bunch of workarounds to make sure that UIDs and GIDs are
> stable. To make something to solve our problem (and I suspect everyone
> else who cares about this), it would be sufficient to have a mechanism
> to override the default random assignment with a fixed UID/GID.
> Possibly some file in /etc/portage or in the profile (or both) that
> allows one to configure what UID/GID a user will get when the user is
> being created. One advantage of this is that user.eclass could be
> modified to support it, so we don't have to wait for a new EAPI before
> taking advantage of it.

Is this really a problem in enterprise? What are the workarounds you're
using? NFS has long had idmapd, which takes care of this problem. I
still find people shy away from NFSv4 but I've not had any trouble with
it. There's also LDAP, usually coupled with sssd these days, in which
case the users and groups are created just once on a central server.
Samba with Active Directory effectively gives you the same thing and
can also be coupled with sssd. I recently tried mixing Samba, sssd, and
NFS, which was quite fascinating and surprisingly easy thanks to
realmd. This allowed me to use NFS with Kerberos, which is something
you really need in an enterprise environment.

--
James Le Cuirot (chewi)
Gentoo Linux Developer