Michael Neuffer <neuffer@neuffer.info>:
> Quoting Bob Proulx <bob@proulx.com>:
> > Michael Neuffer <neuffer@neuffer.info>:
> > > It is a major hustle to resynchronize uids between machines that
> > > use NIS.
> > Excuse me? You mean that don't use NIS, right?
> Nope, that is wrong. I'm used to use NIS in large corporate networks
> as well as in my small home network.

Me too. I am probably in the middle of the corp pack with 1600 hosts in my neck of the woods. Many sites have less and many have more, sometimes hugely more. But I try not to look back as the lemmings sometimes gain on me.

> Nope, just imagine the situation where you have different pieces of software
> installed on different machines and you
> 1. don't have everything installed on your NIS server
> 2. don't always install/update your machines in the same order
>
> This will cause a mess where you get mixed up uids.

Something tells me that we will never agree on this because we each have different underlying methodologies. I am sure we each see our own plan as being sane and the other person's plan as being insane. I would find it interesting to hear your plan for your network.

In my view of reality one would never share system uids across NFS. That is just insane! Feel free to differ in that opinion of mental state. Here is my view of a good methodology and one that I implement.

1. Never share system uids across NFS.
2. Only non-system uids are valid to share across NFS.
3. System uids are managed by and included in the /etc/passwd file.
4. All non-system uids are managed by and included in NIS/YP.

Given the above it does not really matter what the system uid number actually is on any system. It is local to the system and is never shared between any two of them. In that case there can never be a conflict. The order of installation is not relevant if the actual uid is also not relevant.

The 'root' user is clearly the only non-controversial system user. But what about others? I include all daemon processes and any "part of the machine" as a system user. All others are non-system users. I can turn NFS off on any host and the "system" continues to run without noticing. Non-system processes can and do depend upon NFS, however.

I think a good dividing line for uid numbers is the same as the system uses and in Debian uids less than 1000 are system users and uids 1000 and larger are non-system users. That is an arbitrary line but why not keep your system consistent with the documented system behavior?

I am sure you are going to tell me that you are sharing sendmail or postfix or exim spool data across machines and therefore those traditionally system uids are really non-system in your case. I think that is really bad since those programs were not designed to share their spool directories. There may be filename collisions and other problems. You would be taking matters into your own hands and diverging from accepted wisdom by doing that.

Bob
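Added example, not part of the original message: a small audit of passwd-format data against the four-rule uid split described in the post, using the uid 1000 dividing line it cites for Debian. The sample account data is constructed, and the finding names and the `audit` and `parse_passwd` helpers are assumptions of this example.

```python
"""Audit passwd-format account data against the uid split described above."""

SYSTEM_UID_MAX = 999  # dividing line cited in the post: uids < 1000 are system uids

# Constructed sample data in passwd(5) format; not taken from any real host.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
postfix:x:102:104::/var/spool/postfix:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
"""
NIS_PASSWD = """\
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
carol:x:102:102:Carol:/home/carol:/bin/bash
"""

def parse_passwd(text):
    """Return {name: uid}; skips blanks, comments, +/- compat entries and malformed lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if not line or line[0] in "#+-" or len(fields) < 7 or not fields[2].isdigit():
            continue
        accounts[fields[0]] = int(fields[2])
    return accounts

def audit(local_text, nis_text):
    """Return (finding, account, uid) tuples for entries that break the split."""
    local, nis = parse_passwd(local_text), parse_passwd(nis_text)
    findings = []
    for name, uid in sorted(nis.items()):
        if uid <= SYSTEM_UID_MAX:  # rules 1 and 3: system uids stay local
            findings.append(("system-uid-in-nis", name, uid))
    for name, uid in sorted(local.items()):
        if uid > SYSTEM_UID_MAX:  # rule 4: non-system uids belong in NIS
            findings.append(("non-system-uid-in-local", name, uid))
    # Same number, different name: NFS files would map to the wrong account.
    local_by_uid = {uid: name for name, uid in local.items()}
    for name, uid in sorted(nis.items()):
        other = local_by_uid.get(uid)
        if other is not None and other != name:
            findings.append(("uid-collision", f"{other}/{name}", uid))
    return findings

if __name__ == "__main__":
    for kind, who, uid in audit(LOCAL_PASSWD, NIS_PASSWD):
        print(f"{kind:24} {who:16} uid={uid}")
```

On a real host the two inputs would be the contents of /etc/passwd and the output of `ypcat passwd`; Debian's `nobody` account (uid 65534) sits above the dividing line and would need an explicit exception.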