On 04/22/2015 09:07 PM, Jan Engelhardt wrote:
On Wednesday 2015-04-22 12:54, Tim Serong wrote:
classic system range: 0--99,65534 modern system range: 0--999,65534,4294967294 user range: 1000--{at least 2 million}
Yes and no. The default range for dynamically allocated uids is defined in /etc/login.defs.
Which won't help you, because the LDAP tree(*) may be administered from a place where there is a different login.defs. Or the tool ignores login.defs outright. Or there is no login.defs to start with. LDAPAdmin.exe, web-based IDMs, you name it.
(*) Or any kind of user database that is made available to multiple systems.
OK, so what are my options here, given that the ceph project still needs a fixed UID/GID for the ceph user and group? Some ideas: 1) We (openSUSE) can follow Debian's reserved 60-64K range (which also is the proposed LSB solution is to this problem, as Ludwig mentioned before in https://github.com/LinuxStandardBase/lsb/blob/master/documents/wip/userNamin...), but because we've never reserved that range before, we have risks as you mention above with different login.defs, etc. with making that an official thing. 2) I can ignore the above risk and just copy Debian anyway for our ceph packages, without making this an official process. The rpm %pre script would need to include a guard invocation of `/usr/bin/id $WHATEVER_ID` to make sure it wasn't already in use then spit an error message at the user telling them to manually allocate some other UID/GID in this case. 2) I can copy what Fedora does, assuming they eventually allocate a static UID/GID for Ceph, but that will presumably be somewhere between 100-200, which conflicts with our dynamically allocated system account range of 100-499 (i.e. it may or may not conflict on any given host with existing system users). This can be somewhat mitigated with the guard mentioned in "2" above, but TBH my gut feeling is that on random server systems, we're more likely to hit a conflict in this range than in the 60-64K range (although my gut is not infallible...) 3) I can hope that there is still one UID/GID free in the range 0-99, then unilaterally decide to use it ;) assuming I can find some canonical source for what's already assigned in this range on SLES and openSUSE :( 4) I can pick a random UID between 500-999, which again is outside our usual defined ranges Any other ideas? :) Regards, Tim -- Tim Serong Senior Clustering Engineer SUSE tserong@suse.com -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org