Fedora User Management (revisited)

Axel Thimm Axel.Thimm at ATrpms.net
Fri Mar 9 11:32:10 UTC 2007


On Fri, Mar 09, 2007 at 12:15:01PM +0100, Enrico Scholz wrote:
> Axel Thimm <Axel.Thimm at ATrpms.net> writes:
> 
> >> >> > But for whatever it's worth let's raise the fixed/non-fixed
> >> >> > cross-over from uid/gid 100 to 200 for F8 or F9.
> >> >> 
> >> >> I suggest 500-999; should not break LSB more than the 100-200 idea. But
> >> >> reuid'ing normal users is much easier than doing this for services.
> >> >
> >> > We can only mess with below 500.
> >> 
> >> to be more exact: below 100
> >
> > You do seem to contradict yourself, is it now 500-999 or below 100 ;)
> 
> you and notting are wanting to break the LSB by using an area which must
> not be used for fixed uids. I outlined an alternative which breaks LSB
> too but is much less painless on most systems.

OK, let's keep LSB compliance: Let's convert the 30 packages (Mike
counted 25 I think) using fedora-usermgmt to plain useradd -r which is
what they effectively do anyway since the very beginning. And which
126 other packages do with plain useradd -r.

> > So it will have the same flaws like fedora-usermgmt
> 
> About which flaws are you speaking?

Please, repeating that you don't recognize any flaw is not making them
go away. The reason why fedora-usermgmt doesn't boom on users' faces
is that it defaults to useradd -r. Since this happens for all millions
of users of Fedora, but for the dozen being aware of this mechanism
*and* using it, it looks like the few packages using fedora-usermgmt
don't really need any fixed/predicted etc ids, but can cope with
plain old and simple useradd -r.

And we mentioned several cases where fedora-usermgmt will boom, if the
package really relies on not getting a random uid, for example when
the admin notices that such a mechanism exists after the first
fedora-usermgmt packages have been installed. Or if the admin thinks
he can move the floating window to a new position, and is not aware
that the config is once-set-never-unset. And many other examples that
just show that floating uid windows is A Bad Idea.
-- 
Axel.Thimm at ATrpms.net