FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 07-20-2011, 05:17 PM
Bruno Wolff III
 
Default Starting user UIDs at 1000 - please check your packages

On Wed, Jul 20, 2011 at 16:15:34 +0000,
Benjamin Lewis <ben.lewis@benl.co.uk> wrote:
> Out of curiosity, how does this affect existing systems which have human
> UIDs of 500, 501, etc..?
>
> Do they suddenly become system UIDs or is login.defs left alone then
> (and consequently no change happens)?

When the change was first pushed, it broke graphical logins as gdm didn't
display logins with uids < 1000 and there was some issue with using "other"
at about the same time. I went in and changed login.defs back to 500 and
filed an RfE against gdm to based the list displayed on the shell
associated with accounts rather than the uid.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 07-20-2011, 05:19 PM
Simo Sorce
 
Default Starting user UIDs at 1000 - please check your packages

On Wed, 2011-07-20 at 12:29 -0400, Ric Wheeler wrote:
> On 07/20/2011 12:28 PM, Miloslav Trmač wrote:
> > On Wed, Jul 20, 2011 at 6:24 PM, Ric Wheeler<rwheeler@redhat.com> wrote:
> >> I normally build systems with (at least!) a separate /boot, / and /home.
> >> This lets me do a full install, blow away old fedora system partitions and
> >> not lose any user data.
> >>
> >> Since that puts down a pristine F16 image, does that mean we need to chown
> >> all of the user files that survive in a separate partition?
> > Either chown the files, or create a kickstart file that puts
> > /etc/login.defs in place in a %pre script. chown is probably much
> > simpler unless you have many systems to manage.
> > Mirek
>
> Makes sense...
>
> We should also note that this might be a common need for users who have SAN
> attached storage (and that could be large, multi-user systems).

If they don't already have a directory or at the very least a way to
rsync /etc/passwd around they do not have a production grade
installation.

If they already have shared user information this change shouldn't make
much of a difference to them unless they want to change existing user
Ids.

Simo.

--
Simo Sorce * Red Hat, Inc * New York

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 07-20-2011, 05:52 PM
Ric Wheeler
 
Default Starting user UIDs at 1000 - please check your packages

On 07/20/2011 01:19 PM, Simo Sorce wrote:
> On Wed, 2011-07-20 at 12:29 -0400, Ric Wheeler wrote:
>> On 07/20/2011 12:28 PM, Miloslav Trmač wrote:
>>> On Wed, Jul 20, 2011 at 6:24 PM, Ric Wheeler<rwheeler@redhat.com> wrote:
>>>> I normally build systems with (at least!) a separate /boot, / and /home.
>>>> This lets me do a full install, blow away old fedora system partitions and
>>>> not lose any user data.
>>>>
>>>> Since that puts down a pristine F16 image, does that mean we need to chown
>>>> all of the user files that survive in a separate partition?
>>> Either chown the files, or create a kickstart file that puts
>>> /etc/login.defs in place in a %pre script. chown is probably much
>>> simpler unless you have many systems to manage.
>>> Mirek
>> Makes sense...
>>
>> We should also note that this might be a common need for users who have SAN
>> attached storage (and that could be large, multi-user systems).
> If they don't already have a directory or at the very least a way to
> rsync /etc/passwd around they do not have a production grade
> installation.
>
> If they already have shared user information this change shouldn't make
> much of a difference to them unless they want to change existing user
> Ids.
>
> Simo.
>

With SAN attached storage (or just the clean install example I gave earlier in
the thread), the install will have existing user ID's but their /etc/password
(and so on) will get nuked during the install which could/will re-use existing
user ID's.

rsync won't help since their data is all local already. You will need to "chown"
the user files to the higher range PID's.

Ric

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 07-20-2011, 06:06 PM
Simo Sorce
 
Default Starting user UIDs at 1000 - please check your packages

On Wed, 2011-07-20 at 13:52 -0400, Ric Wheeler wrote:
> On 07/20/2011 01:19 PM, Simo Sorce wrote:
> > On Wed, 2011-07-20 at 12:29 -0400, Ric Wheeler wrote:
> >> On 07/20/2011 12:28 PM, Miloslav Trmač wrote:
> >>> On Wed, Jul 20, 2011 at 6:24 PM, Ric Wheeler<rwheeler@redhat.com> wrote:
> >>>> I normally build systems with (at least!) a separate /boot, / and /home.
> >>>> This lets me do a full install, blow away old fedora system partitions and
> >>>> not lose any user data.
> >>>>
> >>>> Since that puts down a pristine F16 image, does that mean we need to chown
> >>>> all of the user files that survive in a separate partition?
> >>> Either chown the files, or create a kickstart file that puts
> >>> /etc/login.defs in place in a %pre script. chown is probably much
> >>> simpler unless you have many systems to manage.
> >>> Mirek
> >> Makes sense...
> >>
> >> We should also note that this might be a common need for users who have SAN
> >> attached storage (and that could be large, multi-user systems).
> > If they don't already have a directory or at the very least a way to
> > rsync /etc/passwd around they do not have a production grade
> > installation.
> >
> > If they already have shared user information this change shouldn't make
> > much of a difference to them unless they want to change existing user
> > Ids.
> >
> > Simo.
> >
>
> With SAN attached storage (or just the clean install example I gave earlier in
> the thread), the install will have existing user ID's but their /etc/password
> (and so on) will get nuked during the install which could/will re-use existing
> user ID's.
>
> rsync won't help since their data is all local already. You will need to "chown"
> the user files to the higher range PID's.

If you nuke /etc/passwd you always need to do that anyway.
If you rely on useradd() to create users with the same ids as before
that's really poor admin practice.

Simo.

--
Simo Sorce * Red Hat, Inc * New York

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 07-20-2011, 06:42 PM
Ric Wheeler
 
Default Starting user UIDs at 1000 - please check your packages

On 07/20/2011 02:06 PM, Simo Sorce wrote:
> On Wed, 2011-07-20 at 13:52 -0400, Ric Wheeler wrote:
>> On 07/20/2011 01:19 PM, Simo Sorce wrote:
>>> On Wed, 2011-07-20 at 12:29 -0400, Ric Wheeler wrote:
>>>> On 07/20/2011 12:28 PM, Miloslav Trmač wrote:
>>>>> On Wed, Jul 20, 2011 at 6:24 PM, Ric Wheeler<rwheeler@redhat.com> wrote:
>>>>>> I normally build systems with (at least!) a separate /boot, / and /home.
>>>>>> This lets me do a full install, blow away old fedora system partitions and
>>>>>> not lose any user data.
>>>>>>
>>>>>> Since that puts down a pristine F16 image, does that mean we need to chown
>>>>>> all of the user files that survive in a separate partition?
>>>>> Either chown the files, or create a kickstart file that puts
>>>>> /etc/login.defs in place in a %pre script. chown is probably much
>>>>> simpler unless you have many systems to manage.
>>>>> Mirek
>>>> Makes sense...
>>>>
>>>> We should also note that this might be a common need for users who have SAN
>>>> attached storage (and that could be large, multi-user systems).
>>> If they don't already have a directory or at the very least a way to
>>> rsync /etc/passwd around they do not have a production grade
>>> installation.
>>>
>>> If they already have shared user information this change shouldn't make
>>> much of a difference to them unless they want to change existing user
>>> Ids.
>>>
>>> Simo.
>>>
>> With SAN attached storage (or just the clean install example I gave earlier in
>> the thread), the install will have existing user ID's but their /etc/password
>> (and so on) will get nuked during the install which could/will re-use existing
>> user ID's.
>>
>> rsync won't help since their data is all local already. You will need to "chown"
>> the user files to the higher range PID's.
> If you nuke /etc/passwd you always need to do that anyway.
> If you rely on useradd() to create users with the same ids as before
> that's really poor admin practice.
>
> Simo.

Agreed, but that does not mean that we don't need to flag this as something to
be aware of

(In practice, for a laptop/desktop with a couple of users, this has not been a
practical issue for most clean install upgrades.)

Ric

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 07-20-2011, 08:55 PM
James Antill
 
Default Starting user UIDs at 1000 - please check your packages

On Wed, 2011-07-20 at 18:28 +0200, Miloslav Trmač wrote:
> On Wed, Jul 20, 2011 at 6:24 PM, Ric Wheeler <rwheeler@redhat.com> wrote:
> > I normally build systems with (at least!) a separate /boot, / and /home.
> > This lets me do a full install, blow away old fedora system partitions and
> > not lose any user data.
> >
> > Since that puts down a pristine F16 image, does that mean we need to chown
> > all of the user files that survive in a separate partition?
> Either chown the files, or create a kickstart file that puts
> /etc/login.defs in place in a %pre script. chown is probably much
> simpler unless you have many systems to manage.

Is it really necessary to change this in %pre ... can't you just copy
your old login.defs file over the installed one during kickstart %post
(or even do it by hand, post install)?

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 07-20-2011, 08:59 PM
Miloslav Trmač
 
Default Starting user UIDs at 1000 - please check your packages

On Wed, Jul 20, 2011 at 10:55 PM, James Antill <james@fedoraproject.org> wrote:
> On Wed, 2011-07-20 at 18:28 +0200, Miloslav Trmač wrote:
>> On Wed, Jul 20, 2011 at 6:24 PM, Ric Wheeler <rwheeler@redhat.com> wrote:
>> > I normally build systems with (at least!) a separate /boot, / and /home.
>> > This lets me do a full install, blow away old fedora system partitions and
>> > not lose any user data.
>> >
>> > Since that puts down a pristine F16 image, does that mean we need to chown
>> > all of the user files that survive in a separate partition?
>> Either chown the files, or create a kickstart file that puts
>> /etc/login.defs in place in a %pre script. *chown is probably much
>> simpler unless you have many systems to manage.
>
> *Is it really necessary to change this in %pre ... can't you just copy
> your old login.defs file over the installed one during kickstart %post
> (or even do it by hand, post install)?

Unfortunately it is necessary to do it in %pre because users and
groups created in package scriptlets without specifiying an UID/GID
explicitly get assigned 999, 998, ... .
Mirek
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 07-21-2011, 04:57 PM
James Antill
 
Default Starting user UIDs at 1000 - please check your packages

On Wed, 2011-07-20 at 22:59 +0200, Miloslav Trmač wrote:
> On Wed, Jul 20, 2011 at 10:55 PM, James Antill <james@fedoraproject.org> wrote:
> > Is it really necessary to change this in %pre ... can't you just copy
> > your old login.defs file over the installed one during kickstart %post
> > (or even do it by hand, post install)?
>
> Unfortunately it is necessary to do it in %pre because users and
> groups created in package scriptlets without specifiying an UID/GID
> explicitly get assigned 999, 998, ... .

Doing it this way means it is guaranteed 100% incompatible between
versions, NFS etc. will be a giant pain for a lot of users. Would it not
be possible to change the behaviour to be more compatible (Eg. assign
the first 99 from 499-400, and then move to 999)?
It seems like a big price to pay to go from "you may be affected" to
"we guarantee we've it".

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 07-21-2011, 05:59 PM
seth vidal
 
Default Starting user UIDs at 1000 - please check your packages

On Thu, 2011-07-21 at 12:57 -0400, James Antill wrote:
> On Wed, 2011-07-20 at 22:59 +0200, Miloslav Trmač wrote:
> > On Wed, Jul 20, 2011 at 10:55 PM, James Antill <james@fedoraproject.org> wrote:
> > > Is it really necessary to change this in %pre ... can't you just copy
> > > your old login.defs file over the installed one during kickstart %post
> > > (or even do it by hand, post install)?
> >
> > Unfortunately it is necessary to do it in %pre because users and
> > groups created in package scriptlets without specifiying an UID/GID
> > explicitly get assigned 999, 998, ... .
>
> Doing it this way means it is guaranteed 100% incompatible between
> versions, NFS etc. will be a giant pain for a lot of users. Would it not
> be possible to change the behaviour to be more compatible (Eg. assign
> the first 99 from 499-400, and then move to 999)?
> It seems like a big price to pay to go from "you may be affected" to
> "we guarantee we've it".

I agree. We KNOW that this will impact a number of users - many of them
in a position to have to support older machines and newer machines and
will be wedged with some awful solutions for a while.

If we can't go to 999 how about we go way up to the 2million+ range?

either way: +1 to what James wrote.

-sv


--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 07-21-2011, 06:15 PM
Miloslav Trmač
 
Default Starting user UIDs at 1000 - please check your packages

On Thu, Jul 21, 2011 at 6:57 PM, James Antill <james@fedoraproject.org> wrote:
> On Wed, 2011-07-20 at 22:59 +0200, Miloslav Trmač wrote:
>> On Wed, Jul 20, 2011 at 10:55 PM, James Antill <james@fedoraproject.org> wrote:
>> > *Is it really necessary to change this in %pre ... can't you just copy
>> > your old login.defs file over the installed one during kickstart %post
>> > (or even do it by hand, post install)?
>>
>> Unfortunately it is necessary to do it in %pre because users and
>> groups created in package scriptlets without specifiying an UID/GID
>> explicitly get assigned 999, 998, ... .
>
> *Doing it this way means it is guaranteed 100% incompatible between
> versions, NFS etc. will be a giant pain for a lot of users. Would it not
> be possible to change the behaviour to be more compatible (Eg. assign
> the first 99 from 499-400, and then move to 999)?

No, applications expect system accounts and user accounts to have
non-overlapping ID intervals. So this would be just a more broken
version of keeping the limit at 500.
Mirek
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 

Thread Tools




All times are GMT. The time now is 01:42 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org