| 1 |
On Wed, May 29, 2019 at 12:25:59PM +0200, Michał Górny wrote: |
| 2 |
> On Wed, 2019-05-29 at 11:50 +0200, Jaco Kroon wrote: |
| 3 |
> > Hi Michal, |
| 4 |
> > |
| 5 |
> > This sounds sensible and is an interesting approach. I kinda like it. |
| 6 |
> > |
| 7 |
> > There is only one technical comment I have based on the earlier |
| 8 |
> > discussion, not addressed. |
| 9 |
> > |
| 10 |
> > What if users needs to be created into a centralized UID/GID system to |
| 11 |
> > be pulled in via nss? |
| 12 |
> > |
| 13 |
> > So calling system tools by default is fine, but what if the sysadmin |
| 14 |
> > would prefer to have users and groups pushed into ldap? Can we at least |
| 15 |
> > accomodate a hook mechanism to allow system administrators not relying |
| 16 |
> > on local users to deal with this? |
| 17 |
> We kinda have hooks already. Just drop your 'useradd' etc. replacements |
| 18 |
> into /usr/local/bin, and tadaam! KISS all the way. |
| 19 |
Having written one of those replacements (diradm), I would like a little |
| 20 |
more flexibility: |
| 21 |
- permit the sysadmin to configure paths to the useradd(etc) |
| 22 |
tools/wrappers to be actually used. |
| 23 |
- include a manual mode that just has the package bail out and wait for |
| 24 |
the sysadmin to do it (e.g. they have to actually create the user on |
| 25 |
another host). |
| 26 |
|
| 27 |
> > My personal rule of thumb is that system users are (and should be) |
| 28 |
> > local. But there are definite use cases where shared "system uids" are |
| 29 |
> > a definite legitimate requirement. |
| 30 |
Created in a central system AND mirrored locally is my preference, using |
| 31 |
nsscache. |
| 32 |
|
| 33 |
-- |
| 34 |
Robin Hugh Johnson |
| 35 |
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer |
| 36 |
E-Mail : robbat2@g.o |
| 37 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
| 38 |
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 |
Archives