[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the release team: the plans for etch



Gabor Gombas <gombasg@sztaki.hu> writes:

> On Sat, Oct 29, 2005 at 10:21:13PM -0700, Philippe Troin wrote:
> 
> > An other issue that always annoyed me is that assuming a NIS server
> > and a NIS client which both install say exim.  I want to give some
> > users membership in the group Debian-exim.  I can't easily.
> > 
> > The UID picked by Debian-exim is not going to be the same for the NIS
> > server and all the NIS clients, so I cannot get it propagated by NIS.
> > And I don't want to have to maintain the group membership on all the
> > clients.
> 
> That is a local administration decision. You should have a clear policy
> wether you'll be allowing system groups in NIS _before_ creating the NIS
> domain. If you do, you should have a plan _before_ creating the NIS
> domain about how you will deal with the inevitable conflicts.
> 
> When I last administered a complex distributed environment (we used
> first NIS+ then LDAP, but that's not important), we had a policy that
> local software should never use user/group IDs coming from NIS+/LDAP,
> and software installed on shared filesystems should never use user/group
> IDs _not_ coming from NIS+/LDAP. Mixing local and remote IDs in group
> membership was forbidden as well. That worked quite well.

Although I agree with the above on principle, how do you manage
membership to the floppy, audio, video, etc groups?

Phil.



Reply to: