...or you could simply replace the default eid.passwd file with one in
your /etc/portage directory to reflect your company's "proper" UID/GID
usage. It makes much more sense to have portage conform to your system
in this way than to take the time/energy to create yet another almost
unused feature. I don't mean to say this to insult at all. I just
think the better method for anything of this type is to have a default
that portage uses, which works for the masses, but can be overridden by
files in /etc/portage (such as package.mask, package.unmask). It makes
for a cleaner approach IMHO.

On Thu, 2004-01-29 at 12:55, splite-gentoo@××××××××××××××××.edu wrote:
> On Thu, Jan 29, 2004 at 08:18:11AM -0800, Max Kalika wrote:
> > Quoting splite-gentoo@××××××××××××××××.edu:
> >
> > > In our case, our account database is shared among Solaris, IRIX, Mac OS X,
> > > BSD, and Linux boxes, so I can't have ebuilds using static ID numbers, as
> > > there's a good chance they're already in use.
> >
> > This is all the more reason to have static UIDs/GIDs. I have all user
>
> "I can't eat eggs because I'm allergic."
>
> "All the more reason to eat eggs!"
>
> > accounts in mysql with UIDs and GIDs starting at 2000, however if I go
> > install something that requires a system account which is not in
> > baselayout's passwd or group file, this new account gets the next
> > available UID (i.e. proftpd is now running as 2203). Not cool. However,
> > if it is explicit that all UIDs below, say, 500 are to be reserved for the
> > system, and enewuser looks up the UID in PORTDIR/profiles/eid.passwd, the
> > whole process of creating users is controlled and predictable.
>
> Only in the case where all your machines are Gentoo boxes. The uid you
> just plucked out of eid.passwd may already be used by another OS for an
> entirely different purpose. Now your sshd is running with httpd's uid,
> or worse, as a non-system user because, say, Solaris only considers uids
> under 250 to be system accounts.
>
> We have user and system account entries that predate Linus' first kernel.
> We're certainly not going to chown all their files on hundreds of machines
> (plus the backup tapes) just to conform to what Gentoo's idea of system
> accounts should be. I don't think anyone else deploying Gentoo into an
> existing Unix environment would warm to the idea either.
>
> > There are difficulties with other OSes, of course (Daniel referred to
> > MacOSX in the bug that deals with this issue.) I don't know if it would be
> > easier to try to solve all these problems ahead of time or come up with a
> > solution for the "wider audience" now and try to convert later.
>
> It's not really a huge undertaking to provide a switch that lets folks do
> their account management themselves if they need to. I'm not asking that
> ebuilds should automagically know how to update my NIS maps or talk to your
> MySQL server.
>
> --
> gentoo-dev@g.o mailing list
--
Chris Gianelloni
Developer, Gentoo Linux
Games Team

Is your power animal a penguin?
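
The collision risk debated in this thread can be checked before a static ID list is put on a machine that shares an account database. The following is an added example, not code from the thread or from Portage: it assumes both the static list and the site account database are available as passwd(5)-format text, and the function names, the sample accounts and the `SYSTEM_MAX` table are hypothetical.

```python
# Added example: audit a proposed static UID list against an existing site
# account database. Assumption: both inputs are passwd(5)-format text.
# All sample data below is constructed for illustration.
SITE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
sshd:x:22:22:sshd:/var/empty:/sbin/nologin
www:x:81:81:site web server:/var/www:/sbin/nologin
olduser:x:300:300:long-lived human account:/home/olduser:/bin/sh
"""
PROPOSED_STATIC = """\
sshd:x:22:22:sshd:/var/empty:/sbin/nologin
apache:x:81:81:apache:/var/www:/sbin/nologin
mysql:x:60:60:mysql:/var/lib/mysql:/sbin/nologin
proftpd:x:300:300:proftpd:/var/empty:/sbin/nologin
"""
# Highest uid each OS treats as a system account (thresholds quoted in the thread).
SYSTEM_MAX = {"gentoo": 499, "solaris": 249}

def parse_passwd(text):
    """Return {name: uid} from passwd(5)-format text, skipping blanks and comments."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            raise ValueError(f"malformed passwd line: {line!r}")
        entries[fields[0]] = int(fields[2])
    return entries

def audit(proposed, existing, system_max):
    """Return a sorted list of (account, uid, problem) findings."""
    owner_of = {uid: name for name, uid in existing.items()}
    findings = []
    for name, uid in proposed.items():
        if name in existing and existing[name] != uid:
            findings.append((name, uid, f"name already exists with uid {existing[name]}"))
        elif uid in owner_of and owner_of[uid] != name:
            findings.append((name, uid, f"uid already owned by {owner_of[uid]}"))
        for os_name, limit in system_max.items():
            if uid > limit:  # the service would not count as a system account there
                findings.append((name, uid, f"not a system uid on {os_name} (limit {limit})"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(parse_passwd(PROPOSED_STATIC), parse_passwd(SITE_PASSWD), SYSTEM_MAX):
        print("%-8s uid=%-5d %s" % finding)
```

An empty result means the static list can be used unchanged; any finding is a case where a locally overridden list or site-managed accounts are needed instead.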