On Thu, Jan 29, 2004 at 08:18:11AM -0800, Max Kalika wrote:
> Quoting splite-gentoo@××××××××××××××××.edu:
>
> > In our case, our account database is shared among Solaris, IRIX, Mac OS X,
> > BSD, and Linux boxes, so I can't have ebuilds using static ID numbers, as
> > there's a good chance they're already in use.
>
> This is all the more reason to have static UIDs/GIDs. I have all user
|
"I can't eat eggs because I'm allergic."

"All the more reason to eat eggs!"
|
> accounts in mysql with UIDs and GIDs starting at 2000, however if I go
> install something that requires a system account which is not in
> baselayout's passwd or group file, this new account gets the next
> available UID (i.e. proftpd is now running as 2203). Not cool. However,
> if it is explicit that all UIDs below, say, 500 are to be reserved for the
> system, and enewuser looks up the UID in PORTDIR/profiles/eid.passwd, the
> whole process of creating users is controlled and predictable.
|
Only in the case where all your machines are Gentoo boxes. The uid you
just plucked out of eid.passwd may already be used by another OS for an
entirely different purpose. Now your sshd is running with httpd's uid,
or worse, as a non-system user because, say, Solaris only considers uids
under 250 to be system accounts.
|
We have user and system account entries that predate Linus' first kernel.
We're certainly not going to chown all their files on hundreds of machines
(plus the backup tapes) just to conform to what Gentoo's idea of system
accounts should be. I don't think anyone else deploying Gentoo into an
existing Unix environment would warm to the idea either.
|
> There are difficulties with other OSes, of course (Daniel referred to
> MacOSX in the bug that deals with this issue.) I don't know if it would be
> easier to try to solve all these problems ahead of time or come up with a
> solution for the "wider audience" now and try to convert later.
|
It's not really a huge undertaking to provide a switch that lets folks do
their account management themselves if they need to. I'm not asking that
ebuilds should automagically know how to update my NIS maps or talk to your
MySQL server.
|
--
gentoo-dev@g.o mailing list