non fedora-usermgmt user creation
Ralf Corsepius
rc040203 at freenet.de
Thu Mar 9 10:40:06 UTC 2006
On Thu, 2006-03-09 at 08:13 +0100, Christian.Iseli at licr.org wrote:
> Enrico Scholz said:
> > alternatives is already used by fedora-usermgmt. But I do not see how
> > this help to install the fedora-usermgmt bits without a Requires:
> > fedora-usermgmt.
>
> I think we are still not talking exactly about the same thing...
>
> Let me try to rephrase:
> 1. there are packages (both in FC and FE) that need to create UIDs
I question this wrt. certain details:
a) I question the need to specify "uids by numbers" in general, unless
there are predefined/preallocated uid-ranges, because in a networked
environment each network admin will apply his own strategy/convention of
grouping such uids.
Therefore any assumption on "reserved uids" must inevitably clash
somewhere.
b) I question the need for rpms to use fixed uid-numbers.
rpms always are installed locally and don't have any knowledge about
uids/accounts in a network. Therefore, installing rpms which add uids
will always require additional effort in a network to propagate those
uids/ids into the network.
[Actually it requires to add those uids to the networked uid/id database
before installing the package - This is beyond the scope of rpm]
c) Many packages probably don't need any package specific account,
probably even less will require a fixed numeric uid. Many of those who
really need one, probably actually would be satisfied with an arbitrary,
ordinary user account and do neither need a fix uid nor a reserved one.
> 2. some admins would like to have those UIDs created in a
> predictable/defined way
Here the question is: locally or network-wide?
For local installation, you never need a predictable uid, all you need
is predictable id within a certain range of uids (You need an id "httpd"
with uid < 100, but there is not need to fix it to a particular uid).
For a network wide installation, you'd need to have network-wide
consistent uid/ids. This doesn't necessarily mean using fixed ids, it
only means you'll have to have a way to propagate those uid/ids into
your network. Allocating a range of uids/ids is the most simplistic and
primitive way, but there are others (Note: you'd also have to reserve
ids (user names), otherwise they are candidates for clashes, too).
> 3. you propose an add-on/wrapper package that allows to do this, but
> it is non-transparent: packages that want to use your mechanism
> must have a Require for fedora-adduser. Thus the packager makes
> the decision, not the admin
This is what I consider one fundamental flaw in Enrico's approach. He
tries to dictate what admins consider their task.
> 4. when an admin decides to use your mechanism, part of the packages
> installed will still not be right because all FC and some FE
> packages do not have the Require mentioned in step 3, and some
> packagers adamantly refuse to add it
What could be done is to implement fedora-usermgmt as a wrapper to
useradd/etc. which remapping certain useradd calls by mapping requested
uids/ids from a built-in lookup table.
> 5. no consensus is emerging that point 3 is the right thing to do
>
> What I think some other persons and I are proposing is that you change
> the fedora-usermgmt package to be a complete, transparent replacement
> for useradd (shadow-utils package). That way, when an admin decides
> to install your package, he knows all the packages he later installs
> will obey the policy he decided to apply when he configured the
> necessary bits in your package. Packagers then no longer need to
> worry whether to Require useradd or fedora-useradd. I think that
> would make everyone happy... (maybe famous last words too :-) )
ACK.
Ralf
More information about the fedora-extras-list
mailing list