[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unix group to handle CDD roles?

On Wed, Apr 07, 2004 at 09:11:17AM +0200, Andreas Tille wrote:
> After a short view I'm afraid we will have no chance to circumvent
> techniques like LDAP and I hope for some experiences from the
> Debian-Edu people here (because I do not more about LDAP than that it
> exists and works anywhere ...).

I fear LDAP is too complicated to be used in a generic/generalised
infrastructure like CDD aims to be.

But since I'm a LDAP supporter :), if there will be consensus on using
it, there'll be no problem to study a solution with it as a custom
distro directory.

I exclude netgroups for same 'unix philosophy' problem
- groups control access to filesystem by ownership
- netgroups control access to net services/hosts by ownership

unless we consider (forcedly?) CDD as a service, and so
handleble by netgroups. IMHO it's not.

Anyway, since:

1) it's widely probable that some CDD projects need unix group in
   addition to the role handling, and in this case it should maintain
   two parallel list with the same users inside.
2) it's quite unprobable that the case of GID shortage could verifies on
   a med-dent single computer installation, but only on big clusters
   with plenty of users, where group ownerships is anyway needed by its
   own structure, independelty from how many CDD are installed in the
   ie: subsetting users is anyway needed, CDD groups is only an helper
3) I do not think that, even a big cluster, would install more then 3/4
   CDD projects at the same time (it means 3/4 unix groups).
4) unix groups are easily exportable by NIS & Co. and there are 
   standard implemented methods to extract/handle infos.

I do not think so bad to use dynamically allocated groups for this
Surely LDAP would be a more cleany and unix-like (and funny? :)
solution to consider.

I do not know other group handling methods except the home-made ones,
with the problem of system integration.

My 2 cents.


Reply to: