[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gids assigned non-deterministically

On Mon, Oct 09, 2006 at 07:09:14PM +0200, Andreas Metzler wrote:
> Roberto C. Sanchez <roberto@connexer.com> wrote:
> > I have started working with transitioning a network to LDAP.  I am still
> > experimenting with this at home before implementing it "for real."  This
> > brings me to my concern.  It appears that many groups are added to the
> > system "willy-nilly."  By that I mean, I have one system where part of
> > the /etc/group file looks like this:
> > gdm:x:101:
> > man:x:12:
> > sasl:x:45:
> > ssh:x:102:
> [...]
> > On another system, it looks like this:
> > gdm:x:101:
> > sword:x:102:
> [...]
> > For instance, on one system the camera group has gid 111 and 113 on the
> > other.
> See http://www.at.debian.org/doc/debian-policy/ch-opersys.html#s9.2.2
I will take a look at this.

> > That is a problem if I want to server everything up out of LDAP.
> Either install the packages which dynamically add system users on a master
> machine first and set them up and export them in LDAP (they won't be
> re-generated on the client machines if the user already is present) or do
> not keep system users in LDAP.

You mention users, but does the same work for groups?  If so, I can just
whip up a quick script using `find / -group $foo` for all the groups
whose gids I want to harmonize.  Once that finishes, I can just export
the groups via LDAP and remove them entirely from the local machines.



Roberto C. Sanchez

Attachment: signature.asc
Description: Digital signature

Reply to: