On Fri, Aug 08, 2008 at 06:57:27AM -0400, James Carlson wrote:
> Nicolas Williams writes:
> > My impression (please correct me if I'm wrong) is that with IPS the UIDs
> > and GIDs can be allocated dynamically and that most pkgs that install
> > local users/groups will often not be installed by the user anyways.
>
> I don't understand how dynamic assignment would be administratively
> useful outside of the lone laptop environment.
>
> UIDs can be shared across machines. They show up in backups and file
> archives, in NFSv[23] messages, and in clustered file systems.

I wasn't trying to design the feature here. But let's say you filter out new dynamic assignments -- we're already doing such things with ephemeral IDs. IOW, new local system accounts would be really, _really_ local-only.

But if we really need to represent the IDs of local system accounts on the wire in AUTH_SYS, NFSv3 then I'm not sure how to break the 100 reserved UID/GID barrier that we have short of using major release binding.

If it could work (I've not explored this enough), I'd propose local system accounts with ephemeral IDs. Those would be representable on the wire in NFSv4, CIFS and tar/cpio/... (though not AUTH_SYS, and not NFSv2/3, but in the case of CIFS only if clients can understand SIDs where the server adds not one, but two RIDs to its computer SID (er, scratch Vista then), or where the server can have more than one SID, or if we switch to using the SID authorities number 22 and 23).

(We'd also need a convention for representing such local accounts in NFSv4 and archives; what to use as the "domain" name?)

Nico