On Tue, 2006-03-07 at 17:35 +0100, Enrico Scholz wrote:
> rc040203@xxxxxxxxxx (Ralf Corsepius) writes:
>
> >> Walk me through this then, I use fedora-usermgmt to create a user for my
> >> nagios package. What uid does it select, how does it select that UID,
> >> and when you install it on your machine, how does it have the same UID
> >> that it did when it was installed on my machine?
> >
> > Then Enrico also might explain how to propagate this UID to the
> > NIS/LDAP server hosting a network's network-wide uids.
>
> 1. I think, it is a bad idea to manage system users in NIS/LDAP.

I partially agree, I partially disagree:

I agree, sharing "reserved uids" with nis/ldap is problematic, nevertheless you will find this in existing systems.

However, sharing "non-reserved" uids is rather non-problematic, because many such uids/gids actually are ordinary user ids without any special requirements.

> This
> adds a lot of requirements (and points of possible failures) for
> starting a service:
>
> * network must be up/working
> * SSL certificates must not be expired
> * NIS/LDAP server must be up
> * supporting servers (DNS, firewall) must be up

Yes, such a setup is quite demanding, nevertheless this is supposed to work out of the box in a standard WS setup (And except for some occasional hiccups in init script priorities, really does).

> I prefer /etc/passwd for system users

Well, it doesn't matter what YOU prefer, it matters what a network's sysadmins want.

In real world networks you'll encounter issues, you can't have any chance to know about, be it them using uid < 500 for ordinary users, because they have several decades of tradition in doing so (from SunOS times) and because the boss/enterprise founder doesn't want to return his uid 101, or because they are mapping phone numbers to uids (This is a case I actually had been confronted with).

> 2. 'fedora-usermgmt' eases propagation of UIDs to NIS/LDAP servers.

Well, it is just ONE way of doing it, but it is not "the only way to do it", nor is it "THE CORRECT way of doing it" - It's not much more but the way YOU prefer, and as such it inevitably will conflict with other approaches/strategies.

The problem, why I consider using fedora-usermgmt in RPMS to be stupid is making this approach mandatory.

The point is: To admins in a non-Fedora network, fedora-usermgmt doesn't provide any benefits because admins will have to manually intervene in any case, no matter if fedora-usermgmt or vanilla useradd etc. are used.

My conclusion: fedora-usermgmt should not be pulled in any package in Fedora unless the installer explicitly requests to do so, i.e. it should be an "rpm-alternative" to useradd etc. and not be a requirement.

Ralf