When supporting multiple platforms with AFS, we long ago decided it
was best practice NOT to define any of the OS vendor supplied UIDs and
GIDs using pts. Of course, we learned this the hard way, by defining
them for our first platform (pmax_ul?) and later undefining them when
we found they conflicted with our second major platform (sun4?_4?).
We handled this by writting our own passwd and group file propogator
that new how to merge OS specific IDs with pts IDs to create the local
disk files. Each platform has its own partial passwd and group file
that gets merged in during the propogation process. And this has
worked well for several years.
However, in their DCE 1.1 for Solaris 2.4, Transarc has choosen to
define several normally OS vendor supplied accounts and groups in the
DCE registry. For example, some of them are:
accounts:
nobody:
{uid -2}
root:
{uid 0}
daemon:
{uid 1}
sys:
{uid 2}
bin:
{uid 3}
uucp:
{uid 4}
groups:
system:
{gid 0}
tty:
{gid 7}
kmem:
{gid 4}
However, these conflist with the Sun supplied entries in the
/etc/passwd and /etc/group files:
/etc/passwd:
root:x:0:1:0000-Admin(0000):/:/bin/bash
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:
sys:x:3:3:0000-Admin(0000):/:
adm:x:4:4:0000-Admin(0000):/var/adm:
uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
nobody:x:60001:60001:uid no body:/:
/etc/group:
root::0:root
other::1:
bin::2:root,bin,daemon
sys::3:root,bin,sys,adm
adm::4:root,adm,daemon
uucp::5:root,uucp
mail::6:root
tty::7:root,tty,adm
lp::8:root,lp,adm
nuucp::9:root,nuucp
staff::10:
daemon::12:root,daemon
sysadmin::14:
nobody::60001:
noaccess::60002:
cert::78:
admin::99:
dev::100:
My question is:
In DCE is it safe to remove *ALL* of these OS vendor supplied
accounts and groups from the registry? Will DCE break in some way
that I cannot imagine?
Bill
-------------------------------------------------------------------------------
Bill Fithen <[EMAIL PROTECTED]>
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
+1-412-268-8246
