On 06/28/2018 03:06 AM, David T-G wrote:
Hi, all --
...and then David C. Rankin said...
% ...
% This is the epitome as to why you don't assign UID/GID on package install order...
%
% "I just installed several servers with Leap and the common configs I have
% don't work -- why?"
[snip]
Hear, hear!
I know that it offends some sensibilities (mine included), but I just don't see a better method than carving off a range (eg 100-500) for system applications and assigning each in a SuSE central "registry" so that every single installation ends up with the same UIDs & GIDs -- and user and group *names*, too -- by default. We can't all connect to a master passwd & group service at SuSE when installing, and we obviously can't count on packages being installed in the same order every time, but we need structure.
Since we don't want to have useless accounts on a system in this secure day and age and can't just preload all umpteen dozen accounts, build each package with the assignment of the proper account info so that it happens the same way every time. Apache httpd is always installed as apwww/143, nginx is always installed as nginx/144, mysql is always installed as mysqld/186, and so on, and the few who might have reason to deviate from that (versus the many who get screwed when things don't match) can do so easily enough.
Just my twenty millibucks' worth...
HAND
:-D
The problem is bigger than just Opensuse. Not everybody is using the same Distro. RedHat has some standards,
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/htm...
So does Ubuntu
https://people.canonical.com/~cjwatson/ubuntu-policy/policy.html/ch-opersys....
But they are far from complete.

There probably aren't more packages competing for the 100-999 range than actual slots, but if there isn't today, there could be in the future. We could treat it like port numbers and kick the problem down the road a few decades. ;-)

We might be able to have useless GIDs predefined. And there is no real problem with useless UIDs either as long as they can't log in, or even be used without root first doing so explicitly in some file somewhere.

At least the allocation could/should be according to some list rather than just next available. Also getting a suggestion might be acquired via something akin to DNS. This USED to be in DNS as record types 101 and 102, but was obsoleted:
https://en.wikipedia.org/wiki/List_of_DNS_record_types#Obsolete_record_types

--
After all is said and done, more is said than done.
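An added example, not part of either message: one way to audit a host's passwd data against the kind of fixed registry proposed in this thread, flagging drifted or squatted system UIDs and system accounts that can still log in. The registry contents reuse the illustrative names and numbers from the first message, the 100-999 range comes from the reply, and the passwd sample and the list of no-login shells are constructed assumptions.

```python
# Added example: audit passwd data against a fixed UID registry.
# Registry names/UIDs are the illustrative ones from the thread, not a real list.
REGISTRY = {"apwww": 143, "nginx": 144, "mysqld": 186}
SYSTEM_UIDS = range(100, 1000)          # the 100-999 range mentioned in the reply
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample, as if collected from a host installed in a different order.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apwww:x:143:143:Apache:/var/lib/wwwrun:/sbin/nologin
nginx:x:186:144:nginx:/var/lib/nginx:/sbin/nologin
mysqld:x:101:186:MySQL:/var/lib/mysql:/bin/bash
ftpd:x:144:144:FTP:/srv/ftp:/bin/false
alice:x:1000:100:Alice:/home/alice:/bin/bash
"""

def parse_passwd(text):
    """Yield (name, uid, shell) for each well-formed passwd line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[2].isdigit():
            yield fields[0], int(fields[2]), fields[6]

def audit(text, registry=REGISTRY):
    """Return findings as (kind, account, uid, detail) tuples."""
    owner = {uid: name for name, uid in registry.items()}
    findings = []
    for name, uid, shell in parse_passwd(text):
        if uid not in SYSTEM_UIDS:
            continue                     # root and ordinary users are out of scope
        if name in registry:
            if registry[name] != uid:    # same account, different number per host
                findings.append(("uid-drift", name, uid, registry[name]))
        elif uid in owner:               # slot reserved for another package
            findings.append(("uid-taken", name, uid, owner[uid]))
        else:                            # allocated by "next available"
            findings.append(("unregistered", name, uid, None))
        if shell not in NOLOGIN:         # system account that could log in
            findings.append(("login-shell", name, uid, shell))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD):
        print(finding)
```

Running the same audit over passwd files gathered from several hosts shows where shared configs or file ownership on shared storage would resolve to different accounts.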