[Fedora-packaging] packages which add user accounts: is fedora-usermgmt the way?

Wed Sep 7 10:35:47 UTC 2005

rc040203 at freenet.de (Ralf Corsepius) writes:

>> > I fail to see why system accounts should be shared across networks and
>> > why there is any need to force unique UIDs on them.
>> 
>> ok, some examples:
>> 
>> * 'vdr' and 'vdradmin' (from livna) are running on different hosts as
>>   the 'vdr:video' user. Both share configuration files and data which is
>>   exported by NFS
> Then these UID/GIDs probably better should be ordinary uids, instead of
> system-user ids.

These users are created by an rpm, this package contains files owned by
them and they are set in global configuration files. So, they must be
system accounts.

>> * some data in a shared filesystem which shall be read by apache only
>>   but not by other users -> all affected machines will need the same
>>   uid/gid for apache
> To me this is a classical case of a customized network setup. It's the
> admin's responsibility to synchronize the uids.

There is no way to see whether an rpm package creates an account or to
determine the parameters of this account.

>> * it is confusing and unesthetically when users are having different
>>   identities
> Let me turn this coin around: You are trying to be stylish and seem to
> be trying to project your personal conventions to the public.
>
> You are missing:
> * These points are irrelevant in heterogenious networks. Each OS has
> different conventions, so any convention is always somehow wrong and
> requires hand-crafting.

The uid/gid concept exists on all Posix compliant systems.  'fedora-usermgmt'
would work fine e.g. on Solaris also.

> * Using fixed uids unnecessarily restricts the number of available uids.
> You will sooner or later face the problems of all fixed-table based
> configuration approaches.

I do not expect that the number of registered UIDs reaches a range where
this is critical. And when you have really an environment without a free
range of perhaps 1000-2000 uids, then write your own 'fedora-usermgmt'
backend which calculates the resulting UID in a clever way.

>> It is easy to create users with predictable uids and fedora-usermgmt
>> offers a simple method doing this.  I am not aware of any drawbacks,
>> it solves the problem of unpredictable uids and without explicit
>> configuration it is transparent to users because it has the same
>> behavior as plain 'useradd' then. So I do not see reasons why it
>> should not be used.
>
> Frankly speaking, I am no friend of fedora-usermgmt. To the same extent
> it might help you, it interferes with my demands.

Where does it interferes with your demands? When you did nothing
(used fedora-usermgmt out-of-the-box), there is no difference to the
plain 'useradd'. When you did something, you did it wrong perhaps or
encountered a bug in fedora-usermgmt.

Enrico