remove fedora-usermgmt?
Axel Thimm
Axel.Thimm at ATrpms.net
Fri Mar 9 15:19:47 UTC 2007
On Fri, Mar 09, 2007 at 01:31:13PM +0100, Michael Schwendt wrote:
> Predictable means you can keep the uid/gid constant,
in a floating window.
"Constant" is the definition of a fixed uid. If there is need for a
fixed uid, ask for one (yes, there _seems_ to be currently no space, but
that is another issue), if not use useradd -r.
> but still have an influence on where that is within your range of
> values. Everytime you install a package again on a machine under
> control of a configured fedora-usermgmt, the package allocates the
> same uid/gid.
sure - oops, the admin forgot to configure fedora-usermgmt on machine
number 23. Now all uid/gid are messed up.
That's an extremly fragile design, and if it even involves using these
uid/gid in a security context a very fragile security setup.
From any POV I look at it, this design is flawed ...
> The only alternative is useradd -u/groupadd -g with a larger range of
> uids/gids from which to occupy values per program per distribution.
As Enrico pointed out: You need to adjust or violate the LSB.
But we're fixing an issue which is none. I'm rather convinced that all
packages using fedora-usermgmt don't need fixed uids. Or at least
present a counter-example, where a package needs it. And then please
explain how it can need a fixed uid/gid and still have survived that
long in the fedora-usermgmt-defaults-to-useradd-r setup.
We're really just vapour-talking. fedora-usermgmt "fixes" something
that wasn't broken to begin with, and the fix is more broken than
anything we try to suggest fedora-usermgmt would be able to fix.
--
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/epel-devel-list/attachments/20070309/30a9e834/attachment.sig>
More information about the epel-devel-list
mailing list