User id allocation and fedora-usermgmt
David Lutterkort
dlutter at redhat.com
Wed Mar 1 00:04:14 UTC 2006
Hi,
I just packaged an application (puppet, bz180571) that requires the
addition of its own user, and was pointed to
http://fedoraproject.org/wiki/Packaging/UserCreation for instructions on
how to create the user in question.
It seems to me that the fedora-usermgmt package doesn't really solve the
issue of user id allocation. For the reasons outlined at
http://fedoraproject.org/wiki/PackageDynamicUserCreationConsideredBad,
we want to allocate user id's for demons statically and permanently;
fedora-usermgmt doesn't really address that issue, instead it sidesteps
it by making the actual uid's used for a package configurable by a site
administrator. It also makes it hard to write a specfile that can be
used with RHEL since fedora-usermgmt is not available by default for
RHEL.
Since user id's available for system users created by packages are a
shared resource, it seems that the problems that fedora-usermgmt tries
to address could be addressed by a clear policy without the need for
separate tools. The policy would carve up the set of user id's available
for system users (0-499) amongst FC and FE and delegate management of
them. For example, the policy could distribute the uid's as
UID For use by/managed by
0-199 Fedora Core, FC steering committee
200-299 reserved for future allocation
300-399 Fedora Extras, FeSCo
400-499 reserved for future allocation
With such a policy in place, packages can create their users as needed
with the normal shadow-utils and set a fixed uid/gid for them; there's
no need for additional tools.
For Fedora Extras, user id's would be tracked as they are right now at
http://fedoraproject.org/wiki/Packaging/UserRegistry (with all uid/gid's
bumped up by 300) and new uid's/gid's would be allocated during package
review from the FE range 300-399.
David
More information about the fedora-extras-list
mailing list