Gabor Gombas <[EMAIL PROTECTED]> writes: > On Sat, Oct 29, 2005 at 10:21:13PM -0700, Philippe Troin wrote: > > > An other issue that always annoyed me is that assuming a NIS server > > and a NIS client which both install say exim. I want to give some > > users membership in the group Debian-exim. I can't easily. > > > > The UID picked by Debian-exim is not going to be the same for the NIS > > server and all the NIS clients, so I cannot get it propagated by NIS. > > And I don't want to have to maintain the group membership on all the > > clients. > > That is a local administration decision. You should have a clear policy > wether you'll be allowing system groups in NIS _before_ creating the NIS > domain. If you do, you should have a plan _before_ creating the NIS > domain about how you will deal with the inevitable conflicts. > > When I last administered a complex distributed environment (we used > first NIS+ then LDAP, but that's not important), we had a policy that > local software should never use user/group IDs coming from NIS+/LDAP, > and software installed on shared filesystems should never use user/group > IDs _not_ coming from NIS+/LDAP. Mixing local and remote IDs in group > membership was forbidden as well. That worked quite well.
Although I agree with the above on principle, how do you manage membership to the floppy, audio, video, etc groups? Phil. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]