Mailinglist Archive: opensuse-factory (437 mails)

< Previous Next >
Re: [opensuse-factory] register static UID/GID on openSUSE?
On 04/22/2015 09:07 PM, Jan Engelhardt wrote:

On Wednesday 2015-04-22 12:54, Tim Serong wrote:

classic system range: 0--99,65534
modern system range: 0--999,65534,4294967294
user range: 1000--{at least 2 million}

Yes and no. The default range for dynamically allocated uids is defined
in /etc/login.defs.

Which won't help you, because the LDAP tree(*) may be administered
from a place where there is a different login.defs. Or the tool
ignores login.defs outright. Or there is no login.defs to start with.
LDAPAdmin.exe, web-based IDMs, you name it.


(*) Or any kind of user database that is made available to multiple
systems.

OK, so what are my options here, given that the ceph project still needs
a fixed UID/GID for the ceph user and group?

Some ideas:

1) We (openSUSE) can follow Debian's reserved 60-64K range (which also
is the proposed LSB solution is to this problem, as Ludwig mentioned
before in
https://github.com/LinuxStandardBase/lsb/blob/master/documents/wip/userNaming.txt),
but because we've never reserved that range before, we have risks as you
mention above with different login.defs, etc. with making that an
official thing.

2) I can ignore the above risk and just copy Debian anyway for our ceph
packages, without making this an official process. The rpm %pre script
would need to include a guard invocation of `/usr/bin/id $WHATEVER_ID`
to make sure it wasn't already in use then spit an error message at the
user telling them to manually allocate some other UID/GID in this case.

2) I can copy what Fedora does, assuming they eventually allocate a
static UID/GID for Ceph, but that will presumably be somewhere between
100-200, which conflicts with our dynamically allocated system account
range of 100-499 (i.e. it may or may not conflict on any given host with
existing system users). This can be somewhat mitigated with the guard
mentioned in "2" above, but TBH my gut feeling is that on random server
systems, we're more likely to hit a conflict in this range than in the
60-64K range (although my gut is not infallible...)

3) I can hope that there is still one UID/GID free in the range 0-99,
then unilaterally decide to use it ;) assuming I can find some canonical
source for what's already assigned in this range on SLES and openSUSE :(

4) I can pick a random UID between 500-999, which again is outside our
usual defined ranges

Any other ideas? :)

Regards,

Tim
--
Tim Serong
Senior Clustering Engineer
SUSE
tserong@xxxxxxxx
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >