Fedora User Management (revisited)

Simo Sorce ssorce at redhat.com
Sat Mar 10 15:56:30 UTC 2007


On Sat, 2007-03-10 at 13:04 +0100, Axel Thimm wrote:
> On Sat, Mar 10, 2007 at 12:45:36PM +0100, Enrico Scholz wrote:
> > Axel Thimm <Axel.Thimm at ATrpms.net> writes:
> > 
> > >> >> When a package/daemon writes files and/or reads files which are protected
> > >> >> by file permissions, it is a good candidate for fixed uids.
> > >> >
> > >> > Don't userdel the user.
> > >> 
> > >> ??? When I install a package on machine A and machine B, I do not use
> > >> 'userdel' overall.
> > >
> > > "a package/daemon writes files and/or reads files which are protected
> > > by file permissions" does not do so by default from machine A to
> > > machine B, right?
> > 
> > Perhaps not "by default"; but this package might be used in a setup
> > which shares network resources between A and B.
> 
> Ok, let's bite. Please name a couple that would be candidates for doing
> so. Looking at the package registry for fedora-useradd I don't see
> anything but perhaps twiki that would use shared networked folders
> (and I'm not even sure about twiki either).
> 
> For example having clamav using a shared networked database for virus
> signatures is out of the question. Or zaptel would never mount its device
> nodes from another machine.
> 
> If there are *real* use cases for sharing data across machines the
> packager should request a fixed uid/gid.

No, if you want to share resources across machines you have to plan it
from scratch and use a shared passwd/group database or a network file
system like CIFS or NFSv4 that do not depend on local uid/gid space as
it transmits a SID/user principal on the wire.
Anything else is broken on premises.
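
A check for the mismatch this thread is about, added here as an example and not part of the original message: it compares the passwd databases of two hosts and reports accounts whose uid differs, plus uids that resolve to different accounts, which is what breaks file ownership on a share that passes raw uids. The account names come from the thread; the uid values, `PASSWD_A`, `PASSWD_B`, `parse_passwd` and `uid_drift` are constructed for illustration.

```python
# Constructed sample data: passwd(5) excerpts from two hypothetical hosts where
# system uids were allocated dynamically, in package install order (assumption).
PASSWD_A = """\
root:x:0:0:root:/root:/bin/bash
clamav:x:101:101:Clamav:/var/lib/clamav:/sbin/nologin
twiki:x:102:102:TWiki:/var/www/twiki:/sbin/nologin
"""
PASSWD_B = """\
root:x:0:0:root:/root:/bin/bash
twiki:x:101:101:TWiki:/var/www/twiki:/sbin/nologin
clamav:x:102:102:Clamav:/var/lib/clamav:/sbin/nologin
zaptel:x:103:103:Zaptel:/:/sbin/nologin
"""


def parse_passwd(text):
    """Return {name: uid} from passwd(5) text; skip comments and malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users


def uid_drift(a, b):
    """Compare two {name: uid} maps.

    Returns (renumbered, aliased):
      renumbered: {name: (uid_a, uid_b)} for accounts whose uid differs
      aliased:    {uid: (name_a, name_b)} for uids naming different accounts
    """
    renumbered = {n: (a[n], b[n]) for n in a.keys() & b.keys() if a[n] != b[n]}
    # If several names share one uid on a host, the last entry wins here.
    by_uid_a = {u: n for n, u in a.items()}
    by_uid_b = {u: n for n, u in b.items()}
    aliased = {u: (by_uid_a[u], by_uid_b[u])
               for u in by_uid_a.keys() & by_uid_b.keys()
               if by_uid_a[u] != by_uid_b[u]}
    return renumbered, aliased


if __name__ == "__main__":
    renumbered, aliased = uid_drift(parse_passwd(PASSWD_A), parse_passwd(PASSWD_B))
    for name, (ua, ub) in sorted(renumbered.items()):
        print(f"{name}: uid {ua} on A, uid {ub} on B")
    for uid, (na, nb) in sorted(aliased.items()):
        print(f"uid {uid}: {na} on A, {nb} on B")
```

An empty result from `uid_drift` means the two hosts agree on every account they have in common; accounts present on only one host are not reported.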




