[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unix group to handle CDD roles?

On Wed, 7 Apr 2004, Cosimo Alfarano wrote:

> I fear LDAP is too complicated to be used in a generic/generalised
> infrastructure like CDD aims to be.
Same for me.  (If you have read the mails from Debian-Jr Ben was quoting
you will notice that I was always in favour of groups, but I surely admit
that this aproach has some constraints which have to be solved).

> But since I'm a LDAP supporter :), if there will be consensus on using
> it, there'll be no problem to study a solution with it as a custom
> distro directory.
Good to know that we have knowledged people in the boat. ;-)
Perhaps we should consider LDAP as an configuration option: The tools
which have to be developed for a common cdd package could read some
configuration file and if there is a "USELDAP=yes" option than go
this way and leave user groups for the more simple setups.  (Again:
I'm not really sure whether this suggestion makes sense.)

> 1) it's widely probable that some CDD projects need unix group in
>    addition to the role handling, and in this case it should maintain
>    two parallel list with the same users inside.
Hmmm, maintaining lists of same information is error prone, IMHO.

> 2) it's quite unprobable that the case of GID shortage could verifies on
>    a med-dent single computer installation, but only on big clusters
>    with plenty of users, where group ownerships is anyway needed by its
>    own structure, independelty from how many CDD are installed in the
>    cluster.
>    ie: subsetting users is anyway needed, CDD groups is only an helper
> 3) I do not think that, even a big cluster, would install more then 3/4
>    CDD projects at the same time (it means 3/4 unix groups).

> I do not think so bad to use dynamically allocated groups for this
> purpose.
> Surely LDAP would be a more cleany and unix-like (and funny? :)
> solution to consider.
Uhm, I think I have a bad sense of humor because I do not regard
LDAP as funny. ;-))

> I do not know other group handling methods except the home-made ones,
> with the problem of system integration.
I'd like to avoid home-made things.

Kind regards


Reply to: