1 |
On 11/10/19 12:36 PM, Jaco Kroon wrote: |
2 |
> |
3 |
> What's the motivation for trying to match the UID and GID values from |
4 |
> other distributions? |
5 |
> |
6 |
> I previously tried to motivate a "purely dynamic" allocation with -1, |
7 |
> I'm showing this as an example where such an implementation would once |
8 |
> more be beneficial. |
9 |
> |
10 |
|
11 |
When sharing resources between multiple systems, you need some sort of |
12 |
centralized identity management. You can put the users in LDAP, for |
13 |
example, and then force everything to authenticate against that. But, |
14 |
doing that right is complicated, and is overkill if you just want to |
15 |
share some files between two machines. |
16 |
|
17 |
Having fixed UIDs and GIDs on all Gentoo systems gives you an easy way |
18 |
to centralize that identity management: in portage, where the IDs are |
19 |
hard-coded. Once GLEP81 has been implemented tree-wide, users can trust |
20 |
that (on new installs, at least), every system user and group will have |
21 |
the same ID. That gives you a simple way to e.g. mount shared apache |
22 |
resources without having to learn LDAP. |
23 |
|
24 |
If our IDs agree with other distributions, then to the extent possible, |
25 |
the same thing works cross-distro. |
26 |
|
27 |
We don't allow dynamic UIDs because it defeats this whole concept. You |
28 |
might not care what the ID is, but some of your users will. |