[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

User id allocation and fedora-usermgmt



Hi,

I just packaged an application (puppet, bz180571) that requires the
addition of its own user, and was pointed to
http://fedoraproject.org/wiki/Packaging/UserCreation for instructions on
how to create the user in question.

It seems to me that the fedora-usermgmt package doesn't really solve the
issue of user id allocation. For the reasons outlined at
http://fedoraproject.org/wiki/PackageDynamicUserCreationConsideredBad,
we want to allocate user id's for demons statically and permanently;
fedora-usermgmt doesn't really address that issue, instead it sidesteps
it by making the actual uid's used for a package configurable by a site
administrator. It also makes it hard to write a specfile that can be
used with RHEL since fedora-usermgmt is not available by default for
RHEL.

Since user id's available for system users created by packages are a
shared resource, it seems that the problems that fedora-usermgmt tries
to address could be addressed by a clear policy without the need for
separate tools. The policy would carve up the set of user id's available
for system users (0-499) amongst FC and FE and delegate management of
them. For example, the policy could distribute the uid's as

        UID     For use by/managed by
        0-199   Fedora Core, FC steering committee
        200-299 reserved for future allocation
        300-399 Fedora Extras, FeSCo
        400-499 reserved for future allocation

With such a  policy in place, packages can create their users as needed
with the normal shadow-utils and set a fixed uid/gid for them; there's
no need for additional tools.

For Fedora Extras, user id's would be tracked as they are right now at
http://fedoraproject.org/wiki/Packaging/UserRegistry (with all uid/gid's
bumped up by 300) and new uid's/gid's would be allocated during package
review from the FE range 300-399.

David


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]