| 1 |
On Fri, 27 Jan 2017 18:37:52 -0800 |
| 2 |
Patrick McLean <chutzpah@g.o> wrote: |
| 3 |
|
| 4 |
> I don't think we need to have stable UIDs/GIDs in the "normal" case of |
| 5 |
> standalone users with a single Gentoo system at home. The people who |
| 6 |
> need predictable UIDs/GIDs are the "enterprise" users or the home users |
| 7 |
> who use things such as NFS. I work for a company that uses Gentoo, we |
| 8 |
> have a bunch of workarounds to make sure that UIDs and GIDs are |
| 9 |
> stable. To make something to solve our problem (and I suspect everyone |
| 10 |
> else who cares about this), it would be sufficient to have a mechanism |
| 11 |
> to override the default random assignment with a fixed UID/GID. |
| 12 |
> Possibly some file in /etc/portage or in the profile (or both) that |
| 13 |
> allows one to configure what UID/GID a user will get when the user is |
| 14 |
> being created. One advantage of this is that user.eclass could be |
| 15 |
> modified to support it, so we don't have to wait for a new EAPI before |
| 16 |
> taking advantage of it. |
| 17 |
|
| 18 |
Is this really a problem in enterprise? What are the workarounds you're |
| 19 |
using? NFS has long had idmapd, which takes care of this problem. I |
| 20 |
still find people shy away from NFSv4 but I've not had any trouble with |
| 21 |
it. There's also LDAP, usually coupled with sssd these days, in which |
| 22 |
case the users and groups are created just once on a central server. |
| 23 |
Samba with Active Directory effectively gives you the same thing and |
| 24 |
can also be coupled with sssd. I recently tried mixing Samba, sssd, and |
| 25 |
NFS, which was quite fascinating and surprisingly easy thanks to |
| 26 |
realmd. This allowed me to use NFS with Kerberos, which is something |
| 27 |
you really need in an enterprise environment. |
| 28 |
|
| 29 |
-- |
| 30 |
James Le Cuirot (chewi) |
| 31 |
Gentoo Linux Developer |
Archives