On Thu, 13 Jun 1996, Jeffrey Carpenter wrote:
> >> And I changed the UID for nobody from -2 to 60001.
> >
> >Please do not do this. -2 has the virtue that it's
> >unambiguous (i.e., doesn't depend on being stored as
> >a signed value of a particular size), and is a clear
> >sentinel value outside the normal range of valid UIDs.
> >60001 is smack-dab in the middle of the UID space on
> >systems that support large UIDs, and will force nearly
> >every program that deals with UIDs to make explicit
> >checks for that value even if they don't know or care
> >about user nobody.
>
> The problem is that this value is not common across operating systems.
> Solaris 2 has nobody defined as 60001.
And on AIX, "nobody" has a value of 4294967294. With different systems
(including DCE) all having different UIDs and GIDs for the various
system IDs, how does one know what to make as a common base for the
cell? And if each site picks a different common base, what other
problems does this cause?
This seems to be the one advantage NIS has over DCE. Entries in
/etc/passwd and /etc/group get first crack at resolving IDs, and only
non-entries (Ids that are in the NIS, but not in the /etc/passwd and
/etc/group files) get resolved by NIS. If DCE worked this way, it
wouldn't make any difference what the different values were between
DCE and the various /etc/passwd and /etc/group files on different unix
systems. It would also give the owners of the DCE client machines more
control over who could make logins (DCE or otherwise) to their
machines. At first glance, I think you could do away with
passwd_import, passwd_export, passwd_override and group_override (I'm
sure I've made some mistake with this last statement, but off of the
top of my head, I'm not sure what it is (but I'm sure someone will
tell me)).
There must be some reason why the different DCE vendors didn't take
the NIS approach. Does anyone know what that might be (I know that DCE
does much more than NIS does, and I'm not suggesting for a second that
NIS does anything else (other then in this one small area) better then
DCE, so please lets not turn this into a religious war comparing NIS
and DCE)?
I also assume that, even if everyone agreed that NIS did this one area
better than DCE, that by now it would be impossible to get all of the
different DCE vendors to redo DCE to match NIS (in this one small area
only). Is that a valid assumption?
____ __ __ EMail: [EMAIL PROTECTED]
/ /_/ /_ VMail: (313) 577-4742
/. /\. __/. Fax: (313) 577-5626
Home Page: http://tom.cc.wayne.edu
Anon FTP: ftp://tom.cc.wayne.edu
For my PGP PUBLIC KEY BLOCK,
finger [EMAIL PROTECTED]
"A common mistake that people make when trying
to design something completely foolproof was Douglas Adams
to underestimate the ingenuity of complete Mostly Harmless
fools."
