Feature changed by: Ludwig Nussel (lnussel)
Feature #310922, revision 32
Title: central system user registry
openSUSE Distribution: Evaluation by project manager
Requested by: Ludwig Nussel (lnussel)
Partner organization: openSUSE.org
Once upon a time all systems users were defined in aaa_base via the
default /etc/passwd file. When the uid space below uid 100 got too
small a new dynamic range between 100 and 499 was introduced. So
nowadays packages dynamically create a user in %pre which gets a random
uid in this range. Disadvantage: uids are different on every system.
Usually this is not a problem but for programs that export files over
the network it is. TV recordings made by VDR for example. useradd has a
--preferred-uid option for such cases. It's possible to specify a uid
and useradd tries to use it. If it's already taken another one is
Thefore I'd propose to leverage that feature: - introduce a central uid
registry for system users, e.g a file in aaa_base - lower
SYSTEM_UID_MAX (/etc/login.defs) to e.g. 349 and assign "preferred
uids" in the rage 350-499. - change useradd calls in packages to a
macro that transparently decides whether a preferred uid needs to be
- two systems running vdr, one for recording, the other one for
playback on a TV want to share recordings via nfs.
- avoid packagers picking too generic user names
- stable uids across appliances
#1: Jan Engelhardt (jengelh) (2011-03-15 15:15:13)
Recent kernels use NFS4 by default, which transmits the username rather
than UID, so the issue is basically resolved in openSUSE 11.4 already.
#2: Ned Ulbricht (ned_ulbricht) (2011-03-16 14:47:12) (reply to #1)
"Resolved" is a strong word there. :-)
Identity management is a large space with a multiplicity of complexity.
There are numerous solutions in this space. For instance, NIS was
invented to deal with this problem. Then LDAP solutions came along.
These days, I believe Red Hat has some kind of product competing
against Microsoft's Active Directory. And I'd call attention to
Novell's eDirectory product
Anyhow, I couldn't help but comment on your use of the word "resolved"
there. For the benefit of others who may be reading, I think it's worth
generally waving in the direction of some of software shipped with
openSUSE or compatible with the platform.
#3: Ludwig Nussel (lnussel) (2011-04-29 15:52:22)
maybe the new rpm 'collections' feature could be leveraged to avoid
useradd calls in packages.
#4: Ludwig Nussel (lnussel) (2016-12-02 13:46:40)
needs to be revisited with
#15: Anja Stock (neyleah) (2017-10-30 09:01:17Z)
Is there any status update for this? What to do with this request for
#16: RADOSLAV TSVETKOV (rtsvetkov) (2018-02-08 12:28:03Z)
+ #17: Ludwig Nussel (lnussel) (2018-02-12 17:03:38Z) (reply to #16)
+ not from me. the request is still open and valid.