[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gids assigned non-deterministically

Roberto C. Sanchez <roberto@connexer.com> wrote:
> I have started working with transitioning a network to LDAP.  I am still
> experimenting with this at home before implementing it "for real."  This
> brings me to my concern.  It appears that many groups are added to the
> system "willy-nilly."  By that I mean, I have one system where part of
> the /etc/group file looks like this:

> gdm:x:101:
> man:x:12:
> sasl:x:45:
> ssh:x:102:

> On another system, it looks like this:

> gdm:x:101:
> sword:x:102:

> For instance, on one system the camera group has gid 111 and 113 on the
> other.

See http://www.at.debian.org/doc/debian-policy/ch-opersys.html#s9.2.2

> That is a problem if I want to server everything up out of LDAP.

Either install the packages which dynamically add system users on a master
machine first and set them up and export them in LDAP (they won't be
re-generated on the client machines if the user already is present) or do
not keep system users in LDAP.
cu andreas
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde

Reply to: