Re: qmail should use different uids

To: debian-devel@lists.debian.org
Subject: Re: qmail should use different uids
From: "Mr. Christopher F. Miller" <cfm@maine.com>
Date: Fri, 19 Nov 1999 08:17:34 -0500
Message-id: <19991119081734.A17103@maine.com>
In-reply-to: <19991119020109.B5425@mors.net>; from wichert@cistron.nl on Fri, Nov 19, 1999 at 02:01:09AM +0100
References: <19991117183000.C19105@justice.loyola.edu> <Pine.LNX.3.96.991117175011.21481A-100000@wakko.deltatee.com> <19991117220937.A8953@maine.com> <19991119020109.B5425@mors.net>

On Fri, Nov 19, 1999 at 02:01:09AM +0100, Wichert Akkerman wrote:
> Previously Mr. Christopher F. Miller wrote:
> > We could make base-passwd a virtual package depending on either 
> > base-passwd-qmail or base-passwd-non-qmail.
> 
> That would be silly.

Yes, I was being a bit tongue-in-cheek.

But there is another element I'd like to bring up. (Below)

> 
> > But seriously, I'd personally be a bit annoyed at having to reconfigure 
> > several dozen systems. 
> 
> You wouldn't have to, it's perfectly possible to do this unattended.
> qmail is a special case since we should know exactly what files have
> which owner.

I'll grant we know most of the files.  I'm not so sure about all my
virtual pop setups.  I don't **think** they have any hardcoded uid/gids
but neither would an automated conversion find them.

> 
> The advantage is simple: if we get all references to non-free removed
> from main the FSF will distribute Debian as well. Having the qmail uids
> in the default passwd would clearly be unacceptable for them.

Correct me if I'm wrong, but is that "official" from them or your
best judgement as to what they might want/do/prefer?  Unattended, partially
attended, whatever, this is still going to be a substantial amount of
work if it goes through and it would be best to know if it were really
necessary (from FSF pov).

Bigger issue/my real issue:
We maintain several dozen systems and keep a consistent uid/gid across
all, even to gateway boxes within client companies and to users within
virtual ftp sites.  Can you imagine how painful it was to convert
from nobody:nogroup 512:16 to the current 65534?  But finally we got
our passwd files in alignment with the distribution only a month ago -
a year and a half process converting from Slackware/tarball to debian -
mostly caused by different uid/gid space.

How can I use the current passwd/adduser (?) system in such a scenario?
Dynamically assigned userid might be fine for a single standalone system,
but they cause network headaches.  proxy on one machine is telnetd on
another, mysql on yet another, yeech.

Would it make sense to provide for local mapping of uid/gid in
base-passwd?  How about some way of knowing what will be coming down
the tube?  apt-get install base-passwd-map or some such?  Maybe within
the debian distro these uids might be dynamic, but on any one person's
system they should be static once assigned.

How do we do that? (Or Rocky and Bullwinkle install "base-passwd-qmail"?)

Best,

cfm

-- 

Christopher F. Miller, Publisher                             cfm@maine.com
MaineStreet Communications, Inc         208 Portland Road, Gray, ME  04039
1.207.657.5078                                       http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.

Reply to:

References:
- Re: qmail should use different uids
  - From: Michael Stone <mstone@debian.org>
- Re: qmail should use different uids
  - From: Jason Gunthorpe <jgg@ualberta.ca>
- Re: qmail should use different uids
  - From: "Mr. Christopher F. Miller" <cfm@maine.com>
- Re: qmail should use different uids
  - From: Wichert Akkerman <wichert@cistron.nl>

Prev by Date: Re: Debian FreeBSD
Next by Date: Re: Debian FreeBSD
Previous by thread: Re: qmail should use different uids
Next by thread: Please test base-passwd 3.0.3 (last chance to save your system :)
Index(es):
- Date
- Thread