
Re: Unix group to handle CDD roles?



On Wed, Apr 07, 2004 at 09:11:17AM +0200, Andreas Tille wrote:
> After a short view I'm afraid we will have no chance to circumvent
> techniques like LDAP and I hope for some experiences from the
> Debian-Edu people here (because I do not know more about LDAP than that it
> exists and works anywhere ...).

I fear LDAP is too complicated to be used in a generic/generalised
infrastructure like CDD aims to be.

But since I'm an LDAP supporter :), if there will be consensus on using
it, there'll be no problem to study a solution with it as a custom
distro directory.

I exclude netgroups for the same 'unix philosophy' problem:
- groups control access to filesystem by ownership
- netgroups control access to net services/hosts by ownership

unless we consider (forcedly?) CDD as a service, and so
handleable by netgroups. IMHO it's not.


Anyway, since:

1) it's widely probable that some CDD projects need a unix group in
   addition to the role handling, and in this case it should maintain
   two parallel lists with the same users inside.
   
2) it's quite improbable that the case of GID shortage could occur on
   a med-dent single computer installation, but only on big clusters
   with plenty of users, where group ownership is anyway needed by its
   own structure, independently of how many CDDs are installed in the
   cluster.
   ie: subsetting users is anyway needed, CDD groups are only a helper
   
3) I do not think that even a big cluster would install more than 3/4
   CDD projects at the same time (it means 3/4 unix groups).
   
4) unix groups are easily exportable by NIS & Co. and there are 
   standard implemented methods to extract/handle infos.


I do not think it so bad to use dynamically allocated groups for this
purpose.
Surely LDAP would be a cleaner and more unix-like (and funny? :)
solution to consider.

I do not know other group handling methods except the home-made ones,
with the problem of system integration.

My 2 cents.

cheers,
	c.


