* [gentoo-dev] RFC acct-{user,group} for asterisk
@ 2019-11-10 16:23 Jaco Kroon
2019-11-10 16:31 ` Michał Górny
0 siblings, 1 reply; 5+ messages in thread
From: Jaco Kroon @ 2019-11-10 16:23 UTC (permalink / raw
To: gentoo development
Hi,
As part of taking maintainership of the net-misc/asterisk package (and
related), one of the cleanup items is to use the new acct-{user,group}
method for assigning UID and GID values.
As such I'd like to please reserve UID and GID = 42 for asterisk.
Why 42?
echo -e "\x$(bc <<<"obase=16; 42")"
Current net-misc/asterisk uses a dynamically assigned UID and GID value.
I do not have permission to edit
https://wiki.gentoo.org/wiki/UID_GID_Assignment_Table
(https://api.gentoo.org/uid-gid.txt).
Neither RHEL nor Fedora seems to have an asterisk user. Arch uses 77.
We already have qemu on 77.
Kind Regards,
Jaco
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-dev] RFC acct-{user,group} for asterisk
2019-11-10 16:23 [gentoo-dev] RFC acct-{user,group} for asterisk Jaco Kroon
@ 2019-11-10 16:31 ` Michał Górny
2019-11-10 17:36 ` Jaco Kroon
0 siblings, 1 reply; 5+ messages in thread
From: Michał Górny @ 2019-11-10 16:31 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 845 bytes --]
On Sun, 2019-11-10 at 18:23 +0200, Jaco Kroon wrote:
> Hi,
>
> As part of taking maintainership of the net-misc/asterisk package (and
> related), one of the cleanup items is to use the new acct-{user,group}
> method for assigning UID and GID values.
>
> As such I'd like to please reserve UID and GID = 42 for asterisk.
>
> Why 42?
>
> echo -e "\x$(bc <<<"obase=16; 42")"
>
> Current net-misc/asterisk uses a dynamically assigned UID and GID value.
>
> I do not have permission to edit
> https://wiki.gentoo.org/wiki/UID_GID_Assignment_Table
> (https://api.gentoo.org/uid-gid.txt).
>
> Neither RHEL nor Fedora seems to have an asterisk user. Arch uses 77.
> We already have qemu on 77.
>
Other distros use 42 for something else, particularly for stuff we have
as well.
--
Best regards,
Michał Górny
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 618 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-dev] RFC acct-{user,group} for asterisk
2019-11-10 16:31 ` Michał Górny
@ 2019-11-10 17:36 ` Jaco Kroon
2019-11-10 18:21 ` Michael Orlitzky
0 siblings, 1 reply; 5+ messages in thread
From: Jaco Kroon @ 2019-11-10 17:36 UTC (permalink / raw
To: gentoo-dev, Michał Górny
Hi Michał,
You're right.
Fedora and RHEL has gdm on 42, we don't have gdm via acct-{user,group}
and it's dynamic in the ebuild.
Arch has privoxy user on 42. We also don't have acct-{user,group} for
that, enewgroup + user is both dynamic in ebuild.
What's the motivation for trying to match the UID and GID values from
other distributions?
I previously tried to motivate a "purely dynamic" allocation with -1,
I'm showing this as an example where such an implementation would once
more be beneficial.
On a similar note, GLEP 27 allowed for overriding config variables
here. Never got implemented. GLEP 81 does not. Oversight or (as per
my suspicion) exclusion to keep things simpler?
Would 142 be acceptable?
Only conflict seems to be activemq on Fedora (which we don't seem to have).
Otherwise 242 seems to be completely available.
I don't particularly care what the exact value ends up being, 42 would
have been a sweet one due to the ascii value of * being 42.
Kind Regards,
Jaco Kroon
On 2019/11/10 18:31, Michał Górny wrote:
> On Sun, 2019-11-10 at 18:23 +0200, Jaco Kroon wrote:
>> Hi,
>>
>> As part of taking maintainership of the net-misc/asterisk package (and
>> related), one of the cleanup items is to use the new acct-{user,group}
>> method for assigning UID and GID values.
>>
>> As such I'd like to please reserve UID and GID = 42 for asterisk.
>>
>> Why 42?
>>
>> echo -e "\x$(bc <<<"obase=16; 42")"
>>
>> Current net-misc/asterisk uses a dynamically assigned UID and GID value.
>>
>> I do not have permission to edit
>> https://wiki.gentoo.org/wiki/UID_GID_Assignment_Table
>> (https://api.gentoo.org/uid-gid.txt).
>>
>> Neither RHEL nor Fedora seems to have an asterisk user. Arch uses 77.
>> We already have qemu on 77.
>>
>
> Other distros use 42 for something else, particularly for stuff we have
> as well.
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-dev] RFC acct-{user,group} for asterisk
2019-11-10 17:36 ` Jaco Kroon
@ 2019-11-10 18:21 ` Michael Orlitzky
2019-11-10 19:01 ` Jaco Kroon
0 siblings, 1 reply; 5+ messages in thread
From: Michael Orlitzky @ 2019-11-10 18:21 UTC (permalink / raw
To: gentoo-dev
On 11/10/19 12:36 PM, Jaco Kroon wrote:
>
> What's the motivation for trying to match the UID and GID values from
> other distributions?
>
> I previously tried to motivate a "purely dynamic" allocation with -1,
> I'm showing this as an example where such an implementation would once
> more be beneficial.
>
When sharing resources between multiple systems, you need some sort of
centralized identity management. You can put the users in LDAP, for
example, and then force everything to authenticate against that. But,
doing that right is complicated, and is overkill if you just want to
share some files between two machines.
Having fixed UIDs and GIDs on all Gentoo systems gives you an easy way
to centralize that identity management: in portage, where the IDs are
hard-coded. Once GLEP81 has been implemented tree-wide, users can trust
that (on new installs, at least), every system user and group will have
the same ID. That gives you a simple way to e.g. mount shared apache
resources without having to learn LDAP.
If our IDs agree with other distributions, then to the extent possible,
the same thing works cross-distro.
We don't allow dynamic UIDs because it defeats this whole concept. You
might not care what the ID is, but some of your users will.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-dev] RFC acct-{user,group} for asterisk
2019-11-10 18:21 ` Michael Orlitzky
@ 2019-11-10 19:01 ` Jaco Kroon
0 siblings, 0 replies; 5+ messages in thread
From: Jaco Kroon @ 2019-11-10 19:01 UTC (permalink / raw
To: gentoo-dev, Michael Orlitzky
Hi,
On 2019/11/10 20:21, Michael Orlitzky wrote:
> On 11/10/19 12:36 PM, Jaco Kroon wrote:
>> What's the motivation for trying to match the UID and GID values from
>> other distributions?
>>
>> I previously tried to motivate a "purely dynamic" allocation with -1,
>> I'm showing this as an example where such an implementation would once
>> more be beneficial.
>>
> When sharing resources between multiple systems, you need some sort of
> centralized identity management. You can put the users in LDAP, for
> example, and then force everything to authenticate against that. But,
> doing that right is complicated, and is overkill if you just want to
> share some files between two machines.
>
> Having fixed UIDs and GIDs on all Gentoo systems gives you an easy way
> to centralize that identity management: in portage, where the IDs are
> hard-coded. Once GLEP81 has been implemented tree-wide, users can trust
> that (on new installs, at least), every system user and group will have
> the same ID. That gives you a simple way to e.g. mount shared apache
> resources without having to learn LDAP.
>
> If our IDs agree with other distributions, then to the extent possible,
> the same thing works cross-distro.
>
> We don't allow dynamic UIDs because it defeats this whole concept. You
> might not care what the ID is, but some of your users will.
Happy. That makes sense.
May I proceed to use UID+GID 242 then for asterisk?
Seeing that 42 is apparently off limits by the above argument, and 142
could theoretically also end up being problematic.
Kind Regards,
Jaco
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-11-10 19:01 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-11-10 16:23 [gentoo-dev] RFC acct-{user,group} for asterisk Jaco Kroon
2019-11-10 16:31 ` Michał Górny
2019-11-10 17:36 ` Jaco Kroon
2019-11-10 18:21 ` Michael Orlitzky
2019-11-10 19:01 ` Jaco Kroon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox