Hi, I added openvpn hid 62 (I forgot about) and it is up-to-date now. You can assign UIDs/GIDs from this table, but please don’t forget to update it like i did.
I wanted to propose to raise user ids start from 1000, but I was stopped with existing installs. So we are stick to UIDs under 100, which is needed for backwards compatibility. However, the available number of UIDs might seem to be low. Delivering RBAC role for every service sounds like a solution, but it most cases it’s tricky. For example, openvpn can drop its privileges itself. It needs to be started as a root, so it can create/delete tun/tap interfaces. If I start it with openvpn role in SMF, it complains that it can’t manipulate with tun/tap interface. There is a solution to this and to specify privileges, but I pretty that is something most people won’t do and it’s easier to deliver ordinary user accounts rather than roles. IMHO, we should go the way of creating RBAC roles and specifying needed privileges. It’ adds some complexity, but on the other hand we are making a use of technology illumos provides, which I see as a benefit. Any other thoughts on this? Cheers, Adam On Nov 7, 2013, at 2:23 PM, Alexander Pyhalov <[email protected]> wrote: > On 11/07/2013 17:12, Adam Števko wrote: >> Hi, >> >> something like this already exists. At least it was created on first >> userland hackathion. >> >> http://wiki.openindiana.org/oi/UIDs+and+GIDs >> >> This should be the list. However, I think that not many are aware of it. >> >> Cheers, >> Adam >> > > Is this page is up to date (or a kind of)? What about assigning additional > uids? For, example, could I take the first unreserved (e.g., 91)? What will > we do when we run out of 100 lower uids? > -- > Best regards, > Alexander Pyhalov, > system administrator of Computer Center of Southern Federal University
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ oi-dev mailing list [email protected] http://openindiana.org/mailman/listinfo/oi-dev
