Fedora User Management (revisited)

Enrico Scholz enrico.scholz at informatik.tu-chemnitz.de
Sat Mar 10 16:23:46 UTC 2007


Simo Sorce <ssorce at redhat.com> writes:

>> > Why do we need fixed uids at all? is it so difficult to use
>> > getpwnam() ??
>> 
>> Most filesystems store only the uid/gid, not the name of a user.
>
> Do you read what people write at all?

yes

> Do you know what getpwnam() does?

yes; getpwnam(3) works in userspace while permission checks in the
filesystem are a kernel thing (which knows nothing about getpwnam(3)).


> If I specify 2 different ranges on 2 machines

Why would you do this? Just to prove that fedora-usermgmt is shit?

coreutils are shit too. I can destroy my system with a simple 'rm -rf /'!


>> 'fedora-usermgmt' is completely transparent: either you know
>> about it and use it, or it behaves like a plain 'useradd'.
>
> Do you realize this phrase means exactly that:
> fedora-usermgmt == useradd
> for all practical purposes ?

No; there are existing installations with activated predictable-mode. Hence,
'all' is wrong.


> I think it is even a danger for those who are aware of it. What happens to
> your scheme if you reserve 5000-6000 and then it happens that adding
> normal users you end up going over that space? Any application that
> relies on fedora-usermgmt at that point will break as it will try to use
> normal user's uid/gids ...

Without being the 640k guy, I think that the currently suggested window
size of 500-1000 is enough for the next years.

Nevertheless, when we really come over this limit an administrator can
map hint-ids > 1000 into another window. Some sanity checks can be added
to 'fedora-usermgmt', e.g. to abort or fall back when hint-id > 500 and
there is no file /etc/fedora/hints-above-500-are-ok.




Enrico
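
Added example, not part of the original message and not code from fedora-usermgmt: a small audit that compares the name-to-uid maps of two hosts and shows which name each host would display for the same on-disk uid, the situation the thread argues about when filesystems store only the number. The passwd excerpts and the account names `svc_a` and `svc_b` are constructed for illustration.

```python
"""Audit sketch: find accounts whose numeric uid differs between two hosts."""

# Constructed passwd(5) excerpts. "svc_a" and "svc_b" are hypothetical service
# accounts whose uids were allocated dynamically, in a different install order.
HOST_A = """\
root:x:0:0:root:/root:/bin/bash
svc_a:x:101:101::/var/lib/svc_a:/sbin/nologin
svc_b:x:102:102::/var/lib/svc_b:/sbin/nologin
"""
HOST_B = """\
root:x:0:0:root:/root:/bin/bash
svc_b:x:101:101::/var/lib/svc_b:/sbin/nologin
svc_a:x:102:102::/var/lib/svc_a:/sbin/nologin
"""


def parse_passwd(text):
    """Return {name: uid} from passwd(5)-format text, skipping malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users


def uid_drift(a, b):
    """Names present on both hosts whose numeric uid differs: {name: (uid_a, uid_b)}."""
    return {n: (a[n], b[n]) for n in a.keys() & b.keys() if a[n] != b[n]}


def owner_as_seen(file_uid, users):
    """Name a host would display for an on-disk uid, or None if it has no entry."""
    by_uid = {uid: name for name, uid in users.items()}
    return by_uid.get(file_uid)


if __name__ == "__main__":
    a, b = parse_passwd(HOST_A), parse_passwd(HOST_B)
    for name, (ua, ub) in sorted(uid_drift(a, b).items()):
        print(f"{name}: uid {ua} on host A, uid {ub} on host B")
    # A file written by svc_a on host A carries only the number 101 on disk.
    print("uid 101 on A:", owner_as_seen(101, a), "| on B:", owner_as_seen(101, b))
```

Running the same comparison over real `/etc/passwd` copies from hosts that share storage or exchange backups flags the accounts whose files would change owner when moved.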