FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 08-06-2008, 05:23 PM
Axel Thimm
 
Default static uids/gids and (not) using fedora-usermgmt (was: uids for daemons on a spin)

Hi Martin,

On Tue, Aug 05, 2008 at 05:30:03PM +1200, Martin Langhoff wrote:
> On Mon, Aug 4, 2008 at 10:49 PM, Enrico Scholz
> <enrico.scholz@informatik.tu-chemnitz.de> wrote:
> > Without reading whole thread and participating in yet another flame war
>
> Apologies, didn't mean to taunt peoplle into another flamefest --
> thanks for your kind reply. I will use a high uid range as the base if
> I do use this.
>
> However, it seems that my situation is one where I end up with an
> ordering if I try to use your package. Brief description follows
>
> My project - OLPC's School Server - is a Fedora spin that adds a few
> packages with custom daemons, provides a "xs-config" package that
> makes a mess of /etc (ahem!, applies a custom configuration), and has
> a metapackage to pull it all together.
>
> Having stable, predictable uids/gids is *extremely* valuable as we
> want maximum consistency between systems -- the target ratio is of a
> small sysadmin team (5 to 12) managing thousands of servers. We could
> hardcode the uid/gids, but we want to work with Fedora to make our
> packages mainstream as much as possible. So we tend to package things
> "vanilla" and do our wonky configuration in a separate package.
>
> So I would need to have an "config" package that
> - depends on fedora-usermgmt fedora-usermgmt-shadowutils
> - is guaranteed to install _before_ any other package that depends on
> fedora-usermgmt
>
> the "main" xs-config package gets installed late because it overwrites
> configurations, and so it depends on everything.
>
> Is there a way to force this early-dependency? In case you are
> wondering, this gets installed via anaconda unattended and or via yum
> update. I'm wary of anaconda hacks that a yum install / yum update
> won't obey.
>
> It's a bit of circular logic. Can I package my own
> "fedora-usermgmt-yesjustdoit" version of the -shadowutils with
> metadata that makes it win over the "-dontreallydoanything" package?

I would strongly recommend against it. IIRC correctly the tool was
even banned from EPEL and if the FPC weren't that tiered about the
flamewars it might have even gotten as far as being banned
altogether. But the result was that the FPC did some serious thinking
on how to manage users/groups and came up with a solution that doesn't
involve fedora-usermgmt. The wiki is currently off-line otherwise I'd
add a pointer to the resp. pages.

I think the right way to do this is to see the different needs between
the general Fedora space and OLPC: Fedora wants to reserve as few as
possible *static* uids/gids (e.g. officially stamped onto every Fedora
system) because this resource is rather sparse.

But if in OLPC there are some applications/situations that need a
static uid, then OLPC should simply reserve them as a donwstream and
ask Fedora (the FPC or Bill) on a static uid mapping.

I would check whether the requirements for static uids are indeed
needed, but lets do that in a separate thread or PM.
--
Axel.Thimm at ATrpms.net
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-06-2008, 09:44 PM
"Martin Langhoff"
 
Default static uids/gids and (not) using fedora-usermgmt (was: uids for daemons on a spin)

2008/8/7 Axel Thimm <Axel.Thimm@atrpms.net>:
> I would strongly recommend against it. IIRC correctly the tool was
> even banned from EPEL

Thanks for the heads up.

> I think the right way to do this is to see the different needs between
> the general Fedora space and OLPC: Fedora wants to reserve as few as
> possible *static* uids/gids (e.g. officially stamped onto every Fedora
> system) because this resource is rather sparse.

That is ok with me - I was hoping to find a listing of static uids
without grepping cvs manually, aiming to find a safe gap below 500
that OLPC could use for its deployments.

As much as possible I want to have static IDs on OLPC XS deployments
to have max consistency across XSs in the same region. A minor
package-installation-order difference should not lead to different
IDs.

Now, that practice will make OLPC packages unacceptable to Fedora
proper - this is more important to me. However, using fedora-usermgmt
seemed like a way to satisfy both. If it's blackballed from Fedora,
then I'm back to square one.

cheers,


m
--
martin.langhoff@gmail.com
martin@laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-07-2008, 04:21 AM
"Jeffrey Ollie"
 
Default static uids/gids and (not) using fedora-usermgmt (was: uids for daemons on a spin)

On Wed, Aug 6, 2008 at 4:44 PM, Martin Langhoff <martin.langhoff@gmail.com> wrote:


As much as possible I want to have static IDs on OLPC XS deployments

to have max consistency across XSs in the same region. A minor

package-installation-order difference should not lead to different

IDs.

Unless you're using something like NFS which uses UIDs as part of it's protocol I don't see why you'd care about what UIDs a user is mapped to.* Seems to me like consistency for consistency's sake... (I suppose there are some braindead programs that embed a particular UID at compile time, but since this is open source it's pretty easy to work around such lameness).


Jeff


--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-07-2008, 05:05 AM
"Martin Langhoff"
 
Default static uids/gids and (not) using fedora-usermgmt (was: uids for daemons on a spin)

2008/8/7 Jeffrey Ollie <jeff@ocjtech.us>:
> Unless you're using something like NFS which uses UIDs as part of it's
> protocol I don't see why you'd care about what UIDs a user is mapped to.
> Seems to me like consistency for consistency's sake... (I suppose there are
> some braindead programs that embed a particular UID at compile time, but
> since this is open source it's pretty easy to work around such lameness).

A team of ~10 sysadmins handling tens of thousands of servers in
adverse conditions - with the help of field technicians. Every bit of
added consistency, even if seemingly pointless, wins.

We might use NFS - unlikely, the _user_ accounts still have different
uids - but there will be other cases where we might need stable uids,
like shipping formatted disks around (with Real file systems, not
vfat).

Except for user data, I want to have everything in place to ensure
that we *know* where every bit must be :-)

cheers,


m
--
martin.langhoff@gmail.com
martin@laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 

Thread Tools




All times are GMT. The time now is 09:46 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org