[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Too many default groups in Skolelinux' LDAP schema?

> > OTH it may be perfectly fine to mix them, just a little harder
> > to "group the groups" :-)
> UID                                    GID
> ----------------------------------------------------------------------
> 0-500     OS assigned - I don't care   0-500 OS assigned - I don't care
> 500-600   Set aside for RH screwups    500-600 UPG for RH screwups
> 600-800   not currently assigned       600-800 UPG for same 
> 800-900   system admins and "specials" 800-900 UPG for system admins
> 900-1000  wasted                       900-1000 department special groups
> 1000-1200 wasted                       1000-1200 normal groups
> 1200-1300 wasted                       1200-1300 web server groups
> 1300-2000 wasted                       1300-2000 future groups
> 2000->    normal users                 2000-> UPG for normal groups
> i found this here. what i did not find was a good reasoning for
> having ranges for special groups/users like admins vs normal
> users etc.

Yes, I was looking out for exaclty the same reasoning. This scheme might
not be particulary practical for us, but it made me wonder if ranges
for system, hardware, admin and regular groups, separated from user
private group UID/GIDs might be beneficial.

One thing I could come up with as perhaps reasonable(?) is that it might
in some cases make it easier to sort users and groups. I.e. not showing
system and admin groups/users by default when offering a selection to
define the belonging of users to regular groups (student, teacher, class,
course, project,...)

Aka: "Too many default groups [visible] in Skolelinux' LDAP schema?"

=> Presenting hardware groups (sound, floppy, cdrecord, ...),
admin groups (root, admin, jr_admin,...) or even system/daemon groups
just if explicitly requested?

Reply to: