On Thu, Jan 29, 2004 at 08:18:11AM -0800, Max Kalika wrote: > Quoting [EMAIL PROTECTED]: > > > In our case, our account database is shared among Solaris, IRIX, Mac OS X, > > BSD, and Linux boxes, so I can't have ebuilds using static ID numbers, as > > there's a good chance they're already in use. > > This is all the more reason to have static UIDs/GIDs. I have all user
"I can't eat eggs because I'm allergic." "All the more reason to eat eggs!" > accounts in mysql with UIDs and GIDs starting at 2000, however if I go > install something that requires a system account which is not in > baselayout's passwd or group file, this new account gets the the next > available UID (i.e. proftpd is now running as 2203). Not cool. However, > if it is explicit that all UIDs below, say, 500 are to be reserved for the > system, and enewuser looks up the UID in PORTDIR/profiles/eid.passwd, the > whole process of creating users is controlled and predictable. Only in the case where all your machines are Gentoo boxes. The uid you just plucked out of eid.passwd may already be used by another OS for an entirely different purpose. Now your sshd is running with httpd's uid, or worse, as a non-system user because, say, Solaris only considers uids under 250 to be system accounts. We have user and system account entries that predate Linus' first kernel. We're certainly not going to chown all their files on hundreds of machines (plus the backup tapes) just to conform to what Gentoo's idea of system accounts should be. I don't think anyone else deploying Gentoo into an existing Unix environment would warm to the idea either. > There are difficulties with other OSes, of course (Daniel referred to > MacOSX in the bug that deals with this issue.) I don't know if it would be > easier to try to solve all these problems ahead of time or come up with a > solution for the "wider audience" now and try to convert later. It's not really a huge undertaking to provide a switch that lets folks do their account management themselves if they need to. I'm not asking that ebuilds should automagically know how to update my NIS maps or talk to your MySQL server. -- [EMAIL PROTECTED] mailing list
