| 1 |
On Sat, 28 Jan 2017 11:28:45 +0000 |
| 2 |
James Le Cuirot <chewi@g.o> wrote: |
| 3 |
|
| 4 |
> On Fri, 27 Jan 2017 18:37:52 -0800 |
| 5 |
> Patrick McLean <chutzpah@g.o> wrote: |
| 6 |
> |
| 7 |
> > I don't think we need to have stable UIDs/GIDs in the "normal" case of |
| 8 |
> > standalone users with a single Gentoo system at home. The people who |
| 9 |
> > need predictable UIDs/GIDs are the "enterprise" users or the home users |
| 10 |
> > who use things such as NFS. I work for a company that uses Gentoo, we |
| 11 |
> > have a bunch of workarounds to make sure that UIDs and GIDs are |
| 12 |
> > stable. To make something to solve our problem (and I suspect everyone |
| 13 |
> > else who cares about this), it would be sufficient to have a mechanism |
| 14 |
> > to override the default random assignment with a fixed UID/GID. |
| 15 |
> > Possibly some file in /etc/portage or in the profile (or both) that |
| 16 |
> > allows one to configure what UID/GID a user will get when the user is |
| 17 |
> > being created. One advantage of this is that user.eclass could be |
| 18 |
> > modified to support it, so we don't have to wait for a new EAPI before |
| 19 |
> > taking advantage of it. |
| 20 |
> |
| 21 |
> Is this really a problem in enterprise? What are the workarounds you're |
| 22 |
> using? NFS has long had idmapd, which takes care of this problem. I |
| 23 |
> still find people shy away from NFSv4 but I've not had any trouble with |
| 24 |
> it. There's also LDAP, usually coupled with sssd these days, in which |
| 25 |
> case the users and groups are created just once on a central server. |
| 26 |
> Samba with Active Directory effectively gives you the same thing and |
| 27 |
> can also be coupled with sssd. I recently tried mixing Samba, sssd, and |
| 28 |
> NFS, which was quite fascinating and surprisingly easy thanks to |
| 29 |
> realmd. This allowed me to use NFS with Kerberos, which is something |
| 30 |
> you really need in an enterprise environment. |
| 31 |
> |
| 32 |
|
| 33 |
We are using both NFSv3 and NFSv4, the UID stability is also important |
| 34 |
when you are using full-image deployments, and have local storage on |
| 35 |
the system, you don't want the new OS to have different UIDs/GIDs than |
| 36 |
the previous installation. |
| 37 |
|
| 38 |
We are using file in /etc/portage/env that define a pre_pkg_setup that |
| 39 |
creates the users before the standard pkg_setup does, with our stable |
| 40 |
UID/GID for that system. We have to do this for each package that |
| 41 |
creates a user that may be used to store stable data. |
Archives