Re: Static UIDs and GIDs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Apr 12, 2013 at 09:35:27AM -0400, Tom Lane wrote:
> Stephen Gallagher <sgallagh@xxxxxxxxxx> writes:
> > On 04/11/2013 03:30 PM, "J??hann B. Gu??mundsson" wrote:
> >> Based on experience storing system related uid's and gid's in ldap
> >> is a bad idea ( what happens if you cant reach your ldap )
> 
> > That was true once upon a time, but I'd like to mention that in the
> > era of SSSD for user-ID lookups, there are a great many deployments
> > out there using LDAP for such IDs quite successfully.
> 
> Is this new technology since, um, January?  Because I was told as
> recently as January that you can't rely on systemd knowing about
> UIDs that are defined in LDAP:
> https://bugzilla.redhat.com/show_bug.cgi?id=894750#c4
> 
> The context there was that any service with tmpfiles.d entries had
> better have uid/gid that are known at poweron.  Reliably, not just
> most of the time.  I'm uninterested in somebody telling me they'll
> cache the values, because *I* get the bug report when it doesn't work.
> 
I've made a note in the ticket to look at wording around LDAP when I start
changing the draft.  I do note that lennart mentioned SSSD as a way to make
LDAP suitable though:

"""
 There are solutions for that (i think sssd can cache that for you), but as
 system users are generally managed by postinst scripts, and hence are more
 under the ownership of the OS than the admin I'd not bother.
"""

So I'm not certain I should vastly discourage the use of LDAP for system
accounts.  If LDAP + SSSD does work reliably then packages should probably
support that use case even if they don't cater specifically to it (and a
preallocation-based policy would allow that).

-Toshio

Attachment: pgpD772mk6r6y.pgp
Description: PGP signature

--
packaging mailing list
packaging@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/packaging

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite Forum]     [KDE Users]

  Powered by Linux