Fedora User Management (revisited)
Enrico Scholz
enrico.scholz at informatik.tu-chemnitz.de
Sat Mar 10 16:48:36 UTC 2007
Simo Sorce <ssorce at redhat.com> writes:
> you may have 2 different spaces on 2 machines.
again: why should I have this?
>> Should not happen resp. detected during the review (cry loudly when
>> hint-id is out of order)
>
> Should !?
yes, "should" like in: "scriptlets *should* not contain 'rm -rf /'"
>> | $ ssh root at athen "LANG=C fedora-useradd -62495 -r foobar"
>> | useradd: UID 505 is not unique
>
> Oh nice very useful, so now we trade a dynamic uid with a possibly
> failed package installation ... very useful!!
As I wrote in another posting: I do not expect that UIDs are exceeding
the 500-1000 range in the next years.
When this happens, the hint-translator can be configured to map ids >
1000 into a second window.
>> ok; when the assigned window is in the middle of the normal user space,
>> this will be a problem indeed. Solutions:
>>
>> * choose a window above UID_MAX (/etc/login.defs) resp. adapt this
>> value. ditto for GID_MAX
>
> The user space window is defined as anything > 500
wrong. It is 500-60000 by default.
>> * teach the tool which creates the users that the window is tabooed
>
> This is exactly the same thing as increasing the reserved fixed space
> to 200 or 300, and that _is_ a solution!
No; there *are* existing systems which have already (system) users in
the 100-300 range.
Mentioned tool is something written by the same administrator(group) who
defined the window for the service users.
Enrico
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 480 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-maintainers/attachments/20070310/515ad3e6/attachment.sig>
More information about the Fedora-maintainers
mailing list