[gentoo-dev] RFC acct-{user,group} for asterisk

[gentoo-dev] RFC acct-{user,group} for asterisk

[Jaco Kroon]

Hi,

As part of taking maintainership of the net-misc/asterisk package (and
related), one of the cleanup items is to use the new acct-{user,group}
method for assigning UID and GID values.

As such I'd like to please reserve UID and GID = 42 for asterisk.

Why 42?

echo -e "\x$(bc <<<"obase=16; 42")"

Current net-misc/asterisk uses a dynamically assigned UID and GID value.

I do not have permission to edit
https://wiki.gentoo.org/wiki/UID_GID_Assignment_Table
(https://api.gentoo.org/uid-gid.txt).

Neither RHEL nor Fedora seems to have an asterisk user.  Arch uses 77. 
We already have qemu on 77.

Kind Regards,
Jaco

Re: [gentoo-dev] RFC acct-{user,group} for asterisk

[Michał Górny]

[-- Attachment #1: Type: text/plain, Size: 845 bytes --]

On Sun, 2019-11-10 at 18:23 +0200, Jaco Kroon wrote:
> Hi,
> 
> As part of taking maintainership of the net-misc/asterisk package (and
> related), one of the cleanup items is to use the new acct-{user,group}
> method for assigning UID and GID values.
> 
> As such I'd like to please reserve UID and GID = 42 for asterisk.
> 
> Why 42?
> 
> echo -e "\x$(bc <<<"obase=16; 42")"
> 
> Current net-misc/asterisk uses a dynamically assigned UID and GID value.
> 
> I do not have permission to edit
> https://wiki.gentoo.org/wiki/UID_GID_Assignment_Table
> (https://api.gentoo.org/uid-gid.txt).
> 
> Neither RHEL nor Fedora seems to have an asterisk user.  Arch uses 77. 
> We already have qemu on 77.
> 

Other distros use 42 for something else, particularly for stuff we have
as well.

-- 
Best regards,
Michał Górny


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 618 bytes --]

Re: [gentoo-dev] RFC acct-{user,group} for asterisk

[Jaco Kroon]

Hi Michał,

You're right.

Fedora and RHEL has gdm on 42, we don't have gdm via acct-{user,group}
and it's dynamic in the ebuild.

Arch has privoxy user on 42.  We also don't have acct-{user,group} for
that, enewgroup + user is both dynamic in ebuild.

What's the motivation for trying to match the UID and GID values from
other distributions?

I previously tried to motivate a "purely dynamic" allocation with -1,
I'm showing this as an example where such an implementation would once
more be beneficial.

On a similar note, GLEP 27 allowed for overriding config variables
here.  Never got implemented.  GLEP 81 does not.  Oversight or (as per
my suspicion) exclusion to keep things simpler?

Would 142 be acceptable?

Only conflict seems to be activemq on Fedora (which we don't seem to have).

Otherwise 242 seems to be completely available.

I don't particularly care what the exact value ends up being, 42 would
have been a sweet one due to the ascii value of * being 42.


Kind Regards,
Jaco Kroon

On 2019/11/10 18:31, Michał Górny wrote:

> On Sun, 2019-11-10 at 18:23 +0200, Jaco Kroon wrote:
>> Hi,
>>
>> As part of taking maintainership of the net-misc/asterisk package (and
>> related), one of the cleanup items is to use the new acct-{user,group}
>> method for assigning UID and GID values.
>>
>> As such I'd like to please reserve UID and GID = 42 for asterisk.
>>
>> Why 42?
>>
>> echo -e "\x$(bc <<<"obase=16; 42")"
>>
>> Current net-misc/asterisk uses a dynamically assigned UID and GID value.
>>
>> I do not have permission to edit
>> https://wiki.gentoo.org/wiki/UID_GID_Assignment_Table
>> (https://api.gentoo.org/uid-gid.txt).
>>
>> Neither RHEL nor Fedora seems to have an asterisk user.  Arch uses 77.
>> We already have qemu on 77.
>>
>
> Other distros use 42 for something else, particularly for stuff we have
> as well.
>

Re: [gentoo-dev] RFC acct-{user,group} for asterisk

[Michael Orlitzky]

On 11/10/19 12:36 PM, Jaco Kroon wrote:
> 
> What's the motivation for trying to match the UID and GID values from
> other distributions?
> 
> I previously tried to motivate a "purely dynamic" allocation with -1,
> I'm showing this as an example where such an implementation would once
> more be beneficial.
> 

When sharing resources between multiple systems, you need some sort of
centralized identity management. You can put the users in LDAP, for
example, and then force everything to authenticate against that. But,
doing that right is complicated, and is overkill if you just want to
share some files between two machines.

Having fixed UIDs and GIDs on all Gentoo systems gives you an easy way
to centralize that identity management: in portage, where the IDs are
hard-coded. Once GLEP81 has been implemented tree-wide, users can trust
that (on new installs, at least), every system user and group will have
the same ID. That gives you a simple way to e.g. mount shared apache
resources without having to learn LDAP.

If our IDs agree with other distributions, then to the extent possible,
the same thing works cross-distro.

We don't allow dynamic UIDs because it defeats this whole concept. You
might not care what the ID is, but some of your users will.

Re: [gentoo-dev] RFC acct-{user,group} for asterisk

[Jaco Kroon]

Hi,

On 2019/11/10 20:21, Michael Orlitzky wrote:
> On 11/10/19 12:36 PM, Jaco Kroon wrote:
>> What's the motivation for trying to match the UID and GID values from
>> other distributions?
>>
>> I previously tried to motivate a "purely dynamic" allocation with -1,
>> I'm showing this as an example where such an implementation would once
>> more be beneficial.
>>
> When sharing resources between multiple systems, you need some sort of
> centralized identity management. You can put the users in LDAP, for
> example, and then force everything to authenticate against that. But,
> doing that right is complicated, and is overkill if you just want to
> share some files between two machines.
>
> Having fixed UIDs and GIDs on all Gentoo systems gives you an easy way
> to centralize that identity management: in portage, where the IDs are
> hard-coded. Once GLEP81 has been implemented tree-wide, users can trust
> that (on new installs, at least), every system user and group will have
> the same ID. That gives you a simple way to e.g. mount shared apache
> resources without having to learn LDAP.
>
> If our IDs agree with other distributions, then to the extent possible,
> the same thing works cross-distro.
>
> We don't allow dynamic UIDs because it defeats this whole concept. You
> might not care what the ID is, but some of your users will.

Happy.  That makes sense.

May I proceed to use UID+GID 242 then for asterisk?

Seeing that 42 is apparently off limits by the above argument, and 142
could theoretically also end up being problematic.

Kind Regards,
Jaco