On 03/28/14 16:42, Bernhard Voelker wrote:
On 03/28/2014 03:41 PM, Ludwig Nussel wrote:
Bernhard Voelker wrote:
Hmm, the discussion started with problems - at least partly - to avoid clashes in heterogeneous environments, e.g. with LDAP [1]. AFAIK also the UIDs are in LDAP in such a case ... so I don't understand how 'useradd' would help in this scenario. Do I miss something?
I'm not sure I understand what you are trying to say.
Actually the same as Joachim in http://lists.opensuse.org/opensuse-factory/2014-03/msg00386.html
Admins create users in the LDAP. So as there are 2 sources of truth, it is pointless to try to avoid clashing with 'useradd'.
I don't understand your argument. If I pre-establish a user postgres in LDAP, useradd won't add it, as it exists already. No conflict at all, LDAP account is used, no local account is established. Of course, I have to take care that UID # conflicts won't happen by using a different number range than that's used for local system accounts. That minor complication is fine for me: net-wide user accounts are used by a minority of openSUSE installations, no need to make it bullet-proof - it will only be used by professionals, anyhow. I don't ask to make it the default, I ask for not making it a failure and thus making setups like ours impossible. Concerning Christian's proposal to use one daemon account and systemd / modern Linux facilities to handle priviledge separations, which might also be your argument to reduce the number of local daemon users: I have to support heterogenoues environments. Linux-only solutions are out of question. I don't know if your proposal to reduce the number of local daemon users goes into same direction -- if yes, I don't support it. In fact, proponents of Linux-only solutions are IMNSHO not much better than Microsoft fan-boys who want to turn a whole datacenter into an AD controlled environment with Windows-centric conventions. Not caring for heterogenoues [sp?] environments is a recipe for long-term failure, in my experience. Your own prefered environments won't last long enough to enjoy world dominance, even though some younger hot-heads might not believe it. (I started IT work with BS2000 / MVS mainframes more than 3 decades ago and survived the UNIX wars, FWIW; so I have the scars to show that the IT landscape changes faster than some would like it.) Cheers, Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod, Roedermark, Germany Email: jschrod@acm.org -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org