MINUID and MINSSSUID sound fine. Gabe
On Wed, May 14, 2014 at 9:11 AM, Petr Spacek <pspa...@redhat.com> wrote: > On 14.5.2014 16:55, Gabe Alford wrote: > >> What are your thoughts on this? Added UID and SSSUID entities and cleaned >> up the original patch down to a regular paragraph. >> > > The text itself seems good. Can we think of a better names than UID and > SSSUID? > > Maybe something like MINUID and MINSSSUID? I don't know. > > Conditional ACK: The patch can be pushed if we can find better names for > entities. > > Thank you for your contribution! > > Petr^2 Spacek > > > Gabe >> >> >> On Wed, May 14, 2014 at 2:32 AM, Petr Spacek <pspa...@redhat.com> wrote: >> >> On 14.5.2014 01:05, Gabe Alford wrote: >>> >>> I had a typo with the one of the UIDs which is fixed with this patch. >>>> >>>> The difference is that Fedora/SSSD treats UIDs of 1000 and below as >>>> local >>>> system accounts whereas RHEL treats local system accounts at 500 and >>>> SSSD >>>> local system accounts at 1000. That's why there are conditional >>>> paragraphs >>>> based on if it is Fedora or RHEL. >>>> >>>> >>> I think we should define entity (similar to &OS) for this purpose. >>> >>> Please look at FreeIPA_Guide.ent and Identity_Management_Guide.ent. >>> >>> Petr^2 Spacek >>> >>> >>> On Tue, May 13, 2014 at 7:55 AM, Petr Viktorin <pvikt...@redhat.com> >>> >>>> wrote: >>>> >>>> On 05/09/2014 04:14 AM, Gabe Alford wrote: >>>> >>>>> >>>>> Hello, >>>>> >>>>>> >>>>>> Just wondering if there are any takers in reviewing this >>>>>> patch. >>>>>> >>>>>> >>>>>> Sorry, looks like it fell through the cracks :( >>>>> >>>>> AFAIK the &OS; entity should work for both Fedora and RHEL, so it >>>>> should >>>>> be possible to only have one copy of the paragraph. Or is there >>>>> something I >>>>> missed? >>>>> >>>>> >>>>> Gabe >>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Mon, Apr 21, 2014 at 5:48 PM, Gabe Alford <redhatri...@gmail.com >>>>>> <mailto:redhatri...@gmail.com>> wrote: >>>>>> >>>>>> Hello, >>>>>> >>>>>> Patch for the following ticket to add note in documentation >>>>>> about >>>>>> bad uid ranges: >>>>>> https://fedorahosted.org/freeipa/ticket/2090 >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Gabe >>>>>> >>>>>
From a01b6e1a132e33dedee8ac347503065a3e6ee14d Mon Sep 17 00:00:00 2001 From: Gabe <redhatri...@gmail.com> Date: Wed, 14 May 2014 10:36:59 -0600 Subject: [PATCH] [DOC] Sometimes users set bad uid ranges https://fedorahosted.org/freeipa/ticket/2090 --- src/user_guide/en-US/Users.xml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/user_guide/en-US/Users.xml b/src/user_guide/en-US/Users.xml index a260855b8742b5738c4660beaa400c7e73666c6e..e5b34c1984c29672b46fb2b632df2a8cdc06799c 100644 --- a/src/user_guide/en-US/Users.xml +++ b/src/user_guide/en-US/Users.xml @@ -1053,7 +1053,15 @@ Disabling Plugin</screen> range is depleted so that less than 100 IDs are available, it can contact one of the available servers for a new range allotment. A special extended operation splits the range in two, so that the original server and the replica each have half of the available range. </para> - + <note> + <title>NOTE</title> + <para> + It is possible for an administrator to define an ID number range — which means that it is possible for an administrator to define a <emphasis>bad</emphasis> range. + </para> + <para> + &OS; reserves all UID/GID numbers below &MINUID; for system use, and SSSD treats all UID/GID numbers below &MINSSSUID; as local system accounts. If an administrator sets the ID range to start at 500 to interact with a legacy application (for example), then user accounts assigned an ID number below &MINSSSUID; will be unable to log in, because their user account is not recognized by SSSD. + </para> + </note> </section> <section id="Assigning_UIDs_and_GIDs-Adding_New_Ranges"> -- 1.9.0
From 6bcba475dd389f09a2caa16cb877f624bac70eb9 Mon Sep 17 00:00:00 2001 From: Gabe <redhatri...@gmail.com> Date: Wed, 14 May 2014 10:38:49 -0600 Subject: [PATCH] Define entity for UIDs - Added UID and SSSUID as entities --- src/user_guide/en-US/FreeIPA_Guide.ent | 2 ++ src/user_guide/en-US/Identity_Management_Guide.ent | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/user_guide/en-US/FreeIPA_Guide.ent b/src/user_guide/en-US/FreeIPA_Guide.ent index 3ddca551a1b40c474d65d799177a0ed4934ad854..f26f701ec7978a404e3551e7a7bdffdfcb218684 100644 --- a/src/user_guide/en-US/FreeIPA_Guide.ent +++ b/src/user_guide/en-US/FreeIPA_Guide.ent @@ -18,6 +18,8 @@ <!ENTITY IPAA "a FreeIPA"> <!ENTITY IPAB "A FreeIPA"> <!ENTITY OS "Fedora"> +<!ENTITY MINUID "1000"> +<!ENTITY MINSSSUID "&MINUID;"> <!ENTITY TITLE_TPREVIEW ""> <!-- directory locations --> diff --git a/src/user_guide/en-US/Identity_Management_Guide.ent b/src/user_guide/en-US/Identity_Management_Guide.ent index ce0bfcea65d7c6a7566345db6e2994649dc96d77..c4220333379634e28db7c6460cb92d33708dc7a6 100644 --- a/src/user_guide/en-US/Identity_Management_Guide.ent +++ b/src/user_guide/en-US/Identity_Management_Guide.ent @@ -20,6 +20,8 @@ <!ENTITY IPAA "an IdM"> <!ENTITY IPAB "An IdM"> <!ENTITY OS "&RHEL;"> +<!ENTITY MINUID "500"> +<!ENTITY MINSSSUID "1000"> <!ENTITY TITLE_TPREVIEW "(TECH PREVIEW)"> <!-- directory locations --> -- 1.9.0
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel