Re: running as non-root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, Dec 06, 2014 at 08:44:41PM +0000, Paulo Almeida wrote:
...
> You can also register uids with Debian. Quoting from the Policy
> Manual[1]:
> 
> The UID and GID numbers are divided into classes as follows:
> 
> 0-99:
>         
>         Globally allocated by the Debian project, the same on every
...

I think you will find it hard to get one of those 99 numbers.  Probably
you would have to argue that your id will show up on almost all systems
anyways - same as "bin", "root", "daemon", etc.

[	Another problem with one number: you probably want the
	*same* number on redhat, ubuntu, suse, etc. -- surely
	you want to allow people to have mixed debian/redhat/ubuntu/suse
	setups. . .	]

The same policy page (https://www.debian.org/doc/debian-policy/ch-opersys.html)
goes on to say:

	100-999:

	    Dynamically allocated system users and groups. Packages which need a
	    user or group, but can have this user or group allocated dynamically
	    and differently on each system, should use adduser --system to create
	    the group and/or user. adduser will check for the existence of the
	    user or group, and if necessary choose an unused id based on the
	    ranges specified in adduser.conf.

I think this is what you really want to be using instead, and it's easy
to find good examples of how to do this in many other existing debian packages.

It does mean the per-machine local "ceph" user might be different
on different machines.  I don't think that this number is actually visible
outside of the local machine, so it should't cause any real problems.
Well, except for ceph.conf.

Probably the easiest fix for "ceph.conf" would be to accept a username instead
of a uid.  The name is what you really care the most about - it means things
you do with ssh between machines will be coordinated.

A more complicated fix might be to separate out "ceph.conf" into a generic
piece that can be shared across all servers and clients, and per-cluster
and per-machine pieces that can be used to contain anything the cluster
needs to keep in common, and anything that doesn't need to be know outside
of that machine.  uid#'s clearly fall into the last category.  The main
software thing that needs to happen for this it to allow for a "/etc/ceph.d/"
directory to contain configuration that gets merged at runtime.

							-Marcus Watts
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux