UID, GID, and all that
Christopher Browne
cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Aug 20 20:53:52 UTC 2012
On Sun, Aug 19, 2012 at 3:46 PM, D. Hugh Redelmeier <hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org> wrote:
> | From: Peter King <peter.king-H217xnMUJC0sA/PxXw9srA at public.gmane.org>
>
> | Here's a question I should know the answer to but I'm too jet-lagged to think
> | of it.
>
> Don't sysadmin when jet-lagged. Go for a walk in the fresh air and
> sunshine.
>
> | I'm rebuilding a system, and I've set up a new boot disk, which involved
> | creating a new everyday user (call him "joe").
>
> Always create user with the same UID and GID as they have on other
> systems. Your use case is a good motivating example. So are backups
> and NFS.
>
> I've done that since 1982. Got screwed by progress once: reserving
> 100 UIDs for the system was generous in 1982 so I started numbering at
> 101. Fedora and Ubuntu have grabbed the first 500 or 1000 UIDs in
> recent years. So I have a discontinuity.

I have wound up "hacking" my /etc/hosts and /etc/groups files on new systems.

This actually sounds like the sort of thing that would be interesting
to have a system management tool handle for me.

CFengine3 has a built-in thing for something like this:
https://cfengine.com/manuals/cf3-solutions#Editing-password-or-group-files
https://cfengine.com/manuals/cf3-solutions#Editing-password-or-group-files-custom

The first URL indicates how to edit existing users/groups. The second
one indicates how one might add additional users. I imagine that this
makes use of adduser, so that /etc/shadow is managed properly, if
present. (And on some systems, the files aren't /etc/passwd and
/etc/shadow...) I suppose this would not work on a system where
you're using LDAP or RADIUS to manage users. That's probably a merit
to using LDAP/RADIUS.

CFengine2 had a way of indicating that files and directories should
have particular owners, and, as it handled that symbolically, you
could have a script handle a lot of files "en masse." That's a
different aspect/approach.

I wonder if there's a mechanism for "Kickstart-like" mechanisms to
inject custom user requests early-on so as to avert those UIDs and
GIDs being used for something else. Not evident in the Kickstart
docs: <http://kickstart-tools.sourceforge.net/howkickstartworks.html>

--
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
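
Added example, not part of the original message or of any tool named in it: a check for the UID/GID drift discussed in this thread, comparing an old system's passwd file with a rebuilt one. The function names, the sample accounts and the uid_min default of 1000 are assumptions made for illustration.

```python
# Added example (not from the original post): audit UID/GID drift between
# two passwd(5)-format files. All sample data below is constructed.
from typing import NamedTuple

class Account(NamedTuple):
    name: str
    uid: int
    gid: int

def parse_passwd(text: str) -> dict:
    """Parse name:passwd:UID:GID:GECOS:home:shell lines into {name: Account}."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip blanks, comments, NIS compat (+/-) entries and malformed lines.
        if len(fields) != 7 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue
        accounts[fields[0]] = Account(fields[0], int(fields[2]), int(fields[3]))
    return accounts

def audit(old_text: str, new_text: str, users: list, uid_min: int = 1000) -> list:
    """Return (kind, user, detail) findings for the named users.

    uid_min is an assumption: the first UID the new system gives ordinary
    users (UID_MIN in /etc/login.defs on many distributions).
    """
    old, new = parse_passwd(old_text), parse_passwd(new_text)
    holder = {a.uid: a.name for a in new.values()}  # who owns each UID now
    findings = []
    for name in users:
        if name not in old:
            continue
        was, now = old[name], new.get(name)
        if now and (now.uid, now.gid) != (was.uid, was.gid):
            # Restored or NFS-mounted files keep the old numeric owner.
            findings.append(("mismatch", name, f"{was.uid}:{was.gid} -> {now.uid}:{now.gid}"))
        if holder.get(was.uid, name) != name:
            # The user's old files now appear to belong to another account.
            findings.append(("collision", name, f"uid {was.uid} belongs to {holder[was.uid]}"))
        if was.uid < uid_min:
            findings.append(("reserved-range", name, f"uid {was.uid} < {uid_min}"))
    return findings

OLD_PASSWD = """root:x:0:0:root:/root:/bin/bash
joe:x:101:101:Joe:/home/joe:/bin/bash
ann:x:102:102:Ann:/home/ann:/bin/bash"""
NEW_PASSWD = """root:x:0:0:root:/root:/bin/bash
messagebus:x:101:104::/nonexistent:/usr/sbin/nologin
joe:x:1000:1000:Joe:/home/joe:/bin/bash"""

if __name__ == "__main__":
    for finding in audit(OLD_PASSWD, NEW_PASSWD, ["joe", "ann"]):
        print(*finding)
```

Only the primary GID recorded in the passwd file is compared; group membership in the group file is outside what this checks.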