| 1 |
On Thu, Jan 29, 2004 at 08:18:11AM -0800, Max Kalika wrote: |
| 2 |
> Quoting splite-gentoo@××××××××××××××××.edu: |
| 3 |
> |
| 4 |
> > In our case, our account database is shared among Solaris, IRIX, Mac OS X, |
| 5 |
> > BSD, and Linux boxes, so I can't have ebuilds using static ID numbers, as |
| 6 |
> > there's a good chance they're already in use. |
| 7 |
> |
| 8 |
> This is all the more reason to have static UIDs/GIDs. I have all user |
| 9 |
|
| 10 |
"I can't eat eggs because I'm allergic." |
| 11 |
|
| 12 |
"All the more reason to eat eggs!" |
| 13 |
|
| 14 |
> accounts in mysql with UIDs and GIDs starting at 2000, however if I go |
| 15 |
> install something that requires a system account which is not in |
| 16 |
> baselayout's passwd or group file, this new account gets the the next |
| 17 |
> available UID (i.e. proftpd is now running as 2203). Not cool. However, |
| 18 |
> if it is explicit that all UIDs below, say, 500 are to be reserved for the |
| 19 |
> system, and enewuser looks up the UID in PORTDIR/profiles/eid.passwd, the |
| 20 |
> whole process of creating users is controlled and predictable. |
| 21 |
|
| 22 |
Only in the case where all your machines are Gentoo boxes. The uid you |
| 23 |
just plucked out of eid.passwd may already be used by another OS for an |
| 24 |
entirely different purpose. Now your sshd is running with httpd's uid, |
| 25 |
or worse, as a non-system user because, say, Solaris only considers uids |
| 26 |
under 250 to be system accounts. |
| 27 |
|
| 28 |
We have user and system account entries that predate Linus' first kernel. |
| 29 |
We're certainly not going to chown all their files on hundreds of machines |
| 30 |
(plus the backup tapes) just to conform to what Gentoo's idea of system |
| 31 |
accounts should be. I don't think anyone else deploying Gentoo into an |
| 32 |
existing Unix environment would warm to the idea either. |
| 33 |
|
| 34 |
> There are difficulties with other OSes, of course (Daniel referred to |
| 35 |
> MacOSX in the bug that deals with this issue.) I don't know if it would be |
| 36 |
> easier to try to solve all these problems ahead of time or come up with a |
| 37 |
> solution for the "wider audience" now and try to convert later. |
| 38 |
|
| 39 |
It's not really a huge undertaking to provide a switch that lets folks do |
| 40 |
their account management themselves if they need to. I'm not asking that |
| 41 |
ebuilds should automagically know how to update my NIS maps or talk to your |
| 42 |
MySQL server. |
| 43 |
|
| 44 |
-- |
| 45 |
gentoo-dev@g.o mailing list |
Archives