
Re: /etc/passwd doesnt contain all users



Michael Neuffer <neuffer@neuffer.info>:
> Quoting Bob Proulx <bob@proulx.com>:
> > Michael Neuffer <neuffer@neuffer.info>:
> > > It is a major hassle to resynchronize uids between machines that
> > > use NIS.
> > Excuse me?  You mean that don't use NIS, right?
> Nope, that is wrong. I'm used to using NIS in large corporate networks
> as well as in my small home network.

Me too.  I am probably in the middle of the corp pack with 1600 hosts
in my neck of the woods.  Many sites have less and many have more,
sometimes hugely more.  But I try not to look back as the lemmings
sometimes gain on me.

> Nope, just imagine the situation where you have different pieces of software
> installed on different machines and you
> 1. don't have everything installed on your NIS server
> 2. don't always install/update your machines in the same order
> 
> This will cause a mess where you get mixed up uids.

Something tells me that we will never agree on this because we each
have different underlying methodologies.  I am sure we each see our
own plan as being sane and the other person's plan as being insane.
I would find it interesting to hear your plan for your network.

In my view of reality one would never share system uids across NFS.
That is just insane!  Feel free to differ in that opinion of mental
state.

Here is my view of a good methodology and one that I implement.

1. Never share system uids across NFS.
2. Only non-system uids are valid to share across NFS.
3. System uids are managed by and included in the /etc/passwd file.
4. All non-system uids are managed by and included in NIS/YP.

Given the above it does not really matter what the system uid number
actually is on any system.  It is local to the system and is never
shared between any two of them.  In that case there can never be a
conflict.  The order of installation is not relevant if the actual uid
is also not relevant.

The 'root' user is clearly the only non-controversial system user.
But what about others?  I include all daemon processes and any "part
of the machine" as a system user.  All others are non-system users.  I
can turn NFS off on any host and the "system" continues to run without
noticing.  Non-system processes can and do depend upon NFS, however.

I think a good dividing line for uid numbers is the same as the system
uses and in Debian uids less than 1000 are system users and uids 1000
and larger are non-system users.  That is an arbitrary line but why
not keep your system consistent with the documented system behavior?

I am sure you are going to tell me that you are sharing sendmail or
postfix or exim spool data across machines and therefore those
traditionally system uids are really non-system in your case.  I think
that is really bad since those programs were not designed to share
their spool directories.  There may be filename collisions and other
problems.  You would be taking matters into your own hands and
diverging from accepted wisdom by doing that.

Bob
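
The four rules in the message above can be checked mechanically. The following is an added example, not part of the original message: it audits a local passwd file and a NIS passwd map (for instance the output of `ypcat passwd`) against those rules. The sample data, the finding labels and the `nobody` exemption are assumptions made for the illustration.

```python
SYSTEM_UID_LIMIT = 1000        # Debian line cited in the message: below = system uid
LOCAL_EXCEPTIONS = {"nobody"}  # assumption: Debian's local uid 65534 account is exempt

# Constructed sample data, not taken from any real host.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
postfix:x:105:110::/var/spool/postfix:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
+::::::
"""
NIS_PASSWD = """\
alice:x:1000:1000:Alice:/home/alice:/bin/bash
carol:x:1001:1001:Carol:/home/carol:/bin/bash
exim:x:105:108::/var/spool/exim4:/bin/false
"""

def parse_passwd(text):
    """Map name -> uid for passwd(5) lines; skip comments and +/- compat entries."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or fields[0][:1] in ("", "#", "+", "-"):
            continue
        if fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users

def audit(local_text, nis_text):
    """Return sorted (rule, name, uid) findings for the four rules in the message."""
    local, nis = parse_passwd(local_text), parse_passwd(nis_text)
    findings = []
    for name, uid in nis.items():          # rules 1-3: no system uids in NIS
        if uid < SYSTEM_UID_LIMIT:
            findings.append(("system-uid-in-nis", name, uid))
    for name, uid in local.items():        # rule 4: shared-range uids belong in NIS
        if uid >= SYSTEM_UID_LIMIT and name not in LOCAL_EXCEPTIONS:
            findings.append(("nonsystem-uid-local", name, uid))
    nis_names = {uid: name for name, uid in nis.items()}
    for name, uid in local.items():        # same number, different account
        if nis_names.get(uid, name) != name:
            findings.append(("uid-collision", name, uid))
    return sorted(findings)

if __name__ == "__main__":
    for rule, name, uid in audit(LOCAL_PASSWD, NIS_PASSWD):
        print(f"{rule:20} {name:10} {uid}")
```

The `uid-collision` finding is the one that matters on NFS exports, where file ownership is compared by uid number rather than by account name.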
