openFATE - openSUSE feature tracking > #310922

central system user registry

Feature state

openSUSE Distribution: Unconfirmed
openSUSE-11.4: Rejected

Description

Once upon a time all system users were defined in aaa_base via the default
/etc/passwd file. When the uid space below uid 100 got too small a new dynamic
range between 100 and 499 was introduced. So nowadays packages dynamically
create a user in %pre which gets a random uid in this range.
Disadvantage: uids are different on every system. Usually this is
not a problem but for programs that export files over the network it
is. TV recordings made by VDR for example.
useradd has a --preferred-uid option for such cases. It's possible
to specify a uid and useradd tries to use it. If it's already taken
another one is chosen.

Therefore I'd propose to leverage that feature:
- introduce a central uid registry for system users, e.g. a file in aaa_base
- lower SYSTEM_UID_MAX (/etc/login.defs) to e.g. 349 and assign
"preferred uids" in the range 350-499.
- change useradd calls in packages to a macro that transparently
decides whether a preferred uid needs to be used.

Usecase

- two systems running vdr, one for recording, the other one for playback on a TV want to share recordings via nfs.

- avoid packagers picking too generic user names

- stable uids across appliances
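
The lookup such a macro could perform, as an added sketch that is not part of the feature request or of any openSUSE package: it lints a central registry for the 350-499 range and flags accounts whose preferred uid is already held by someone else, which is the case where file ownership would differ between hosts. The registry format (`name:uid`), the function names and the sample accounts are assumptions.

```shell
#!/bin/sh
# Added example. Assumed registry format: one "name:uid" per line, '#' comments.
PREF_MIN=350 PREF_MAX=499   # "preferred uid" range from the proposal

# registry_lint FILE: report malformed, out-of-range or duplicate entries.
# Returns non-zero if any problem is found.
registry_lint() {
    awk -F: -v min="$PREF_MIN" -v max="$PREF_MAX" '
        /^[ \t]*(#|$)/ { next }
        NF != 2 || $2 !~ /^[0-9]+$/ { print "line " NR ": malformed"; bad = 1; next }
        $2 < min || $2 > max { print "line " NR ": uid " $2 " outside " min "-" max; bad = 1 }
        ($1 in names) { print "line " NR ": duplicate name " $1; bad = 1 }
        ($2 in uids)  { print "line " NR ": uid " $2 " also assigned to " uids[$2]; bad = 1 }
        { names[$1] = 1; uids[$2] = $1 }
        END { exit bad + 0 }
    ' "$1"
}

# preferred_uid NAME REGISTRY PASSWD: print the registered uid for NAME.
# Returns 0 if the uid is free or already owned by NAME, 1 if NAME is not
# registered, 2 if another account holds the uid (useradd would pick a
# different one, so ownership would no longer match other hosts).
preferred_uid() {
    want=$(awk -F: -v n="$1" '$1 == n { print $2; exit }' "$2")
    [ -n "$want" ] || return 1
    owner=$(awk -F: -v u="$want" '$3 == u { print $1; exit }' "$3")
    echo "$want"
    if [ -n "$owner" ] && [ "$owner" != "$1" ]; then
        echo "warning: uid $want for $1 is held by $owner" >&2
        return 2
    fi
}

# make_sample DIR: write constructed registry and passwd files for the demo.
make_sample() {
    printf '%s\n' '# constructed sample registry' 'vdr:350' 'mythtv:351' > "$1/registry"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'ntp:x:351:65534:NTP:/var/lib/ntp:/bin/false' > "$1/passwd"
}

tmp=$(mktemp -d) && make_sample "$tmp"
registry_lint "$tmp/registry" && echo "registry OK"
uid=$(preferred_uid vdr "$tmp/registry" "$tmp/passwd") && echo "useradd --preferred-uid $uid vdr"
preferred_uid mythtv "$tmp/registry" "$tmp/passwd" >/dev/null || echo "mythtv would drift"
rm -rf "$tmp"
```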

Discussion


J. E. wrote: (3 years ago)

Recent kernels use NFS4 by default, which transmits the username rather than UID, so the issue is basically resolved in openSUSE 11.4 already.

N. U. wrote: (3 years ago)

"Resolved" is a strong word there. :-)

Identity management is a large space with a multiplicity of complexity. There are numerous solutions in this space. For instance, NIS was invented to deal with this problem. Then LDAP solutions came along. These days, I believe Red Hat has some kind of product competing against Microsoft's Active Directory. And I'd call attention to Novell's eDirectory product.

Anyhow, I couldn't help but comment on your use of the word "resolved" there. For the benefit of others who may be reading, I think it's worth generally waving in the direction of some of the software shipped with openSUSE or compatible with the platform.

L. N. wrote: (3 years ago)

Maybe the new rpm 'collections' feature could be leveraged to avoid useradd calls in packages.

Last change: 9 months ago
Voting
Score: 2
  • Negative: 1
  • Neutral: 1
  • Positive: 3