Fedora User Management (revisited)

Axel Thimm Axel.Thimm at ATrpms.net
Sat Mar 10 13:03:02 UTC 2007 

On Sat, Mar 10, 2007 at 01:34:09PM +0100, Enrico Scholz wrote:
> Axel Thimm <Axel.Thimm at ATrpms.net> writes:
> 
> >> >> >> When a package/daemon writes files and/or reads files which are
> >> >> >> protected by file permissions, it is a good candidate for fixed
> >> >> >> uids.
> > ...
> > Ok, let's bite. Please name a couple that would be candiates for doing
> > so.
> 
> * The *milt* and defang users; they are using unix sockets shared between
>   several vservers.

vservers and chroots? Is this what this is all about? I'd say whoever
setups vservers and chroots *himself* and keeps different passwd/group
files across them should be able to deal with this. And this is really
a very, tiny, infinitesimal small group of users.

> * fnord (http server), twiki, tclhttpd sounds like a candidate

For what it's worth, most http content is not placed under ownership
of apache or similar, but under a different user's id. So even here
this would need further investigation. twiki for example places its
contents in a versioned db, and I don't even know if it supports
multiple concurrent frontends. I know mediawiki for example doesn't
(and doesn't even need a uid of its own either).

> 'fedora-usermgmt' deals both with users who must have predictable uids,
> who need predictable uids under some circumstances and who never need
> predictable uids (although: say never "never"). Its flaws (causes lot of
> discussion, is proprietary, nobody else uses it) are of non-technical
> nature and negligible and I do not see why it should not be used for all
> users.

That's your POV. Exactly a year ago there was the same discussion
about it draining brain power and volunteer time. And if we don't get
it resolved again, we'll be reevaluating this next year again.

> > If there are *real* use cases for sharing data across machines the
> > packager should request a fixed uid/gid.
> 
> I am really in doubt that the remaining free entries < 100 are enough. And
> when can a uid be reserved there? When there is at least 1 installation
> which needs a predictable uid, when there are 10, 100, 1000?

Since we can't count it, it needs to be weighted on a case by case
basis. But keep in mind, that we passed the 2 mio marker, so even 1000
users make 0.05%, and I doubt that 1000 users are even aware of
fedora-usermgmt. I guess the number of admins using this mechanism is
far less than 100, maybe even only you. ;)
-- 
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-maintainers/attachments/20070310/8f5a885b/attachment.sig>

More information about the Fedora-maintainers mailing list