Quoting [EMAIL PROTECTED]: > "I can't eat eggs because I'm allergic." > > "All the more reason to eat eggs!"
Not quite what I meant.
> Only in the case where all your machines are Gentoo boxes. The uid you
> just plucked out of eid.passwd may already be used by another OS for an
> entirely different purpose. Now your sshd is running with httpd's uid,
> or worse, as a non-system user because, say, Solaris only considers uids
> under 250 to be system accounts.
Might be my own twisted view, but I can't see the benefit in sharing system
accounts across different boxes. Mysql database, NIS maps, LDAP,
what-have-you, can contain just the _user_ accounts. The remaining system
stuff belongs in /etc/{passwd,group} because different boxes can run
different services. But I suppose legacy is legacy and hard to break away
from.
> It's not really a huge undertaking to provide a switch that lets folks do
> their account management themselves if they need to. I'm not asking that
> ebuilds should automagically know how to update my NIS maps or talk to
> your MySQL server.
Something like ...
FEATURES="accounts" (set by default in make.global). When on,
enewuser/enewgroup will happily create the user/group based on eid.*. When
off, enewuser/enewgroup will stop the build process when the user/group
doesn't exist informing the admin to create it ahead of time?
Lets take it further! Instead of using enewuser/enewgroup, what about
adding two new variables in ebuilds? USERS="user1 user2" and GROUPS="group1
group2". These have to be defined in eid.* databases. When the merge
process starts, the accounts are either created or the build dies (based on
FEATURES="accounts"). This has a side benefit of being tracked per package
in the portage database and these accounts can be removed when the final
version of the package is unmerged (based on the "accounts" feature, of
course). Thoughts from the portage folk?
--
max kalika
.. public key: http://www.gentoo.org/~max/max.asc
.. fingerprint: 2D59 74B5 8785 3C22 74F2 87B0 6DD4 E810 CBC3 AB79
pgp00000.pgp
Description: PGP signature
