Re: Converting /home/* from Susie to Debian
On Tue, Oct 22, 2002 at 11:38:23PM +1000, Garry Byrne wrote: At 02:00 PM 10/22/2002 +0200, Adrian 'Dagurashibanipal' von Bidder wrote: To my knowledge there is nothing in Debian depending on a one group per user setup. So the transition might be easier if you just changed the default to match your old policy, i.e. one group for all users. I'm sure there must be massive list archive threads about this... AFAIK, the main benefit of an extra group per user is it allows you to have communal work directories with 'g+rws' permissions and users with umask '002' without sacrificing security. Any files created by a user with umask '002' will be writeable by the group that owns it. In the communal area with 'g+s' this means the group that owns the directory. In any other directory without 'g+s' permissions, this will be the user's own group... ie just the one user. If this is just a mail server, then the whole communal work area concept is not really applicable so you are probably better off to put them all in one group. It might pay however to give any special admin users their own unique group so that they can take advantage of group admin directories. -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key --
Re: Converting /home/* from Susie to Debian
Hi, On Tue, 22 Oct 2002, Garry Byrne wrote: We are converting our main mail/web server over from a Susie box to Debian. Under Susie ownership on /home/client are client.users and the standard debian is client.client We have around 3000 clients so we will be adding an extra 3000 groups to keep with the standard Debian client.client Can anyone see this as a problem? having a large group file? not really. i've been working as admin on a box that had somewhat like 7500 users, all with their own group and no noticeable performance issues compared to its sister/backup box (same hardsoftware) which had about 50 real users+groups. why would you think that 3000 additional groups might be a problem? tobias r. -- NOC Hamster - Security Guy - Owner of one, root of many Tobias Rosenstock - [EMAIL PROTECTED] - [EMAIL PROTECTED] - [EMAIL PROTECTED] Wieske's Crew KG - http://irz42.net - http://www.crew-kg.de Humboldtstr. 51 - Lessingstr. 2 - 22083 Hamburg - Germany -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Converting /home/* from Susie to Debian
On Tue, 2002-10-22 at 13:25, Garry Byrne wrote: We are converting our main mail/web server over from a Susie box to Debian. Under Susie ownership on /home/client are client.users and the standard debian is client.client To my knowledge there is nothing in Debian depending on a one group per user setup. So the transition might be easier if you just changed the default to match your old policy, i.e. one group for all users. cheers -- vbi -- this email is protected by a digital signature http://fortytwo.ch/gpg NOTE: get my key here: http://www.google.com/search?q=mQGiBDx2a6ERBAC8l signature.asc Description: This is a digitally signed message part
Re: Converting /home/* from Susie to Debian
At 02:00 PM 10/22/2002 +0200, Adrian 'Dagurashibanipal' von Bidder wrote: To my knowledge there is nothing in Debian depending on a one group per user setup. So the transition might be easier if you just changed the default to match your old policy, i.e. one group for all users. I was thinking the same thing as you suggested, but I presume the Debian one group one user policy must have a reason behind it. I guess I am looking for some pros and con to base my choice on. Cheers Garry Regards Garry Garry Byrne, Managing Director Highway Internet Services ABN: 14 088 130 269 www.hwy.com.au Servicing: Australia. National Local call access. Enquiries 02 63723645 [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Converting /home/* from Susie to Debian
Garry, You said it's going to be a webserver/mailserver.. are there any other things that you have to take in account before you start the migration of all the users ? Cheers, Mark At 02:00 PM 10/22/2002 +0200, Adrian 'Dagurashibanipal' von Bidder wrote: To my knowledge there is nothing in Debian depending on a one group per user setup. So the transition might be easier if you just changed the default to match your old policy, i.e. one group for all users. I was thinking the same thing as you suggested, but I presume the Debian one group one user policy must have a reason behind it. I guess I am looking for some pros and con to base my choice on. Cheers Garry Regards Garry Garry Byrne, Managing Director Highway Internet Services ABN: 14 088 130 269 www.hwy.com.au Servicing: Australia. National Local call access. Enquiries 02 63723645 [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Converting /home/* from Susie to Debian
On Tue, 22 Oct 2002 14:00, Adrian 'Dagurashibanipal' von Bidder wrote: On Tue, 2002-10-22 at 13:25, Garry Byrne wrote: We are converting our main mail/web server over from a Susie box to Debian. Under Susie ownership on /home/client are client.users and the standard debian is client.client To my knowledge there is nothing in Debian depending on a one group per user setup. So the transition might be easier if you just changed the default to match your old policy, i.e. one group for all users. I second that. The client.client option in Debian is just the default setup, which can easily be changed. Having 3000 groups in /etc/group will cause some performance loss, but with modern hardware you probably won't notice it much. Generally I find that having all users in one group (or having a small number of groups for different categories of user) makes a server easier to manage. Hmm, I wonder if SUSE has a female employee named Susie... ;) -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Converting /home/* from Susie to Debian
At 04:36 PM 10/22/2002 +0200, Russell Coker wrote: Hmm, I wonder if SUSE has a female employee named Susie... ;) Thanks Russell Now! I know what the Mark and was getting at, I'm generally pretty gooda t typos :) No not a freudian slip, just a typo. Cheers Garry -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Converting /home/* from Susie to Debian
write a script? way more reliable and obviously way quicker Thing On Wed, 23 Oct 2002 00:25, Garry Byrne wrote: We are converting our main mail/web server over from a Susie box to Debian. Under Susie ownership on /home/client are client.users and the standard debian is client.client We have around 3000 clients so we will be adding an extra 3000 groups to keep with the standard Debian client.client Can anyone see this as a problem? having a large group file? Thanks Garry -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Converting /home/* from Susie to Debian
At 06:40 AM 10/23/2002 +1300, Thing wrote: write a script? way more reliable and obviously way quicker Thanks, yes I agree, we have already written a couple of scripts to import the various info we need brought across. I've decided to stay with client.one-group. Thanks all who replied, I'll put Susie to bed now:) Cheers Garry On Wed, 23 Oct 2002 00:25, Garry Byrne wrote: We are converting our main mail/web server over from a Susie box to Debian. Under Susie ownership on /home/client are client.users and the standard debian is client.client We have around 3000 clients so we will be adding an extra 3000 groups to keep with the standard Debian client.client Can anyone see this as a problem? having a large group file? Thanks Garry -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Converting /home/* from Susie to Debian
On Tue, Oct 22, 2002 at 11:38:23PM +1000, Garry Byrne wrote: At 02:00 PM 10/22/2002 +0200, Adrian 'Dagurashibanipal' von Bidder wrote: To my knowledge there is nothing in Debian depending on a one group per user setup. So the transition might be easier if you just changed the default to match your old policy, i.e. one group for all users. I'm sure there must be massive list archive threads about this... AFAIK, the main benefit of an extra group per user is it allows you to have communal work directories with 'g+rws' permissions and users with umask '002' without sacrificing security. Any files created by a user with umask '002' will be writeable by the group that owns it. In the communal area with 'g+s' this means the group that owns the directory. In any other directory without 'g+s' permissions, this will be the user's own group... ie just the one user. If this is just a mail server, then the whole communal work area concept is not really applicable so you are probably better off to put them all in one group. It might pay however to give any special admin users their own unique group so that they can take advantage of group admin directories. -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Converting /home/* from Susie to Debian
Hi, On Tue, 22 Oct 2002, Garry Byrne wrote: We are converting our main mail/web server over from a Susie box to Debian. Under Susie ownership on /home/client are client.users and the standard debian is client.client We have around 3000 clients so we will be adding an extra 3000 groups to keep with the standard Debian client.client Can anyone see this as a problem? having a large group file? not really. i've been working as admin on a box that had somewhat like 7500 users, all with their own group and no noticeable performance issues compared to its sister/backup box (same hardsoftware) which had about 50 real users+groups. why would you think that 3000 additional groups might be a problem? tobias r. -- NOC Hamster - Security Guy - Owner of one, root of many Tobias Rosenstock - [EMAIL PROTECTED] - [EMAIL PROTECTED] - [EMAIL PROTECTED] Wieske's Crew KG - http://irz42.net - http://www.crew-kg.de Humboldtstr. 51 - Lessingstr. 2 - 22083 Hamburg - Germany
Re: Converting /home/* from Susie to Debian
On Tue, 2002-10-22 at 13:25, Garry Byrne wrote: We are converting our main mail/web server over from a Susie box to Debian. Under Susie ownership on /home/client are client.users and the standard debian is client.client To my knowledge there is nothing in Debian depending on a one group per user setup. So the transition might be easier if you just changed the default to match your old policy, i.e. one group for all users. cheers -- vbi -- this email is protected by a digital signature http://fortytwo.ch/gpg NOTE: get my key here: http://www.google.com/search?q=mQGiBDx2a6ERBAC8l signature.asc Description: This is a digitally signed message part
Re: Converting /home/* from Susie to Debian
At 02:00 PM 10/22/2002 +0200, Adrian 'Dagurashibanipal' von Bidder wrote: To my knowledge there is nothing in Debian depending on a one group per user setup. So the transition might be easier if you just changed the default to match your old policy, i.e. one group for all users. I was thinking the same thing as you suggested, but I presume the Debian one group one user policy must have a reason behind it. I guess I am looking for some pros and con to base my choice on. Cheers Garry Regards Garry Garry Byrne, Managing Director Highway Internet Services ABN: 14 088 130 269 www.hwy.com.au Servicing: Australia. National Local call access. Enquiries 02 63723645 [EMAIL PROTECTED]
Re: Converting /home/* from Susie to Debian
Garry, You said it's going to be a webserver/mailserver.. are there any other things that you have to take in account before you start the migration of all the users ? Cheers, Mark At 02:00 PM 10/22/2002 +0200, Adrian 'Dagurashibanipal' von Bidder wrote: To my knowledge there is nothing in Debian depending on a one group per user setup. So the transition might be easier if you just changed the default to match your old policy, i.e. one group for all users. I was thinking the same thing as you suggested, but I presume the Debian one group one user policy must have a reason behind it. I guess I am looking for some pros and con to base my choice on. Cheers Garry Regards Garry Garry Byrne, Managing Director Highway Internet Services ABN: 14 088 130 269 www.hwy.com.au Servicing: Australia. National Local call access. Enquiries 02 63723645 [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Converting /home/* from Susie to Debian
On Tue, 22 Oct 2002 14:00, Adrian 'Dagurashibanipal' von Bidder wrote: On Tue, 2002-10-22 at 13:25, Garry Byrne wrote: We are converting our main mail/web server over from a Susie box to Debian. Under Susie ownership on /home/client are client.users and the standard debian is client.client To my knowledge there is nothing in Debian depending on a one group per user setup. So the transition might be easier if you just changed the default to match your old policy, i.e. one group for all users. I second that. The client.client option in Debian is just the default setup, which can easily be changed. Having 3000 groups in /etc/group will cause some performance loss, but with modern hardware you probably won't notice it much. Generally I find that having all users in one group (or having a small number of groups for different categories of user) makes a server easier to manage. Hmm, I wonder if SUSE has a female employee named Susie... ;) -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: Converting /home/* from Susie to Debian
At 04:36 PM 10/22/2002 +0200, Russell Coker wrote: Hmm, I wonder if SUSE has a female employee named Susie... ;) Thanks Russell Now! I know what the Mark and was getting at, I'm generally pretty gooda t typos :) No not a freudian slip, just a typo. Cheers Garry
Re: Converting /home/* from Susie to Debian
write a script? way more reliable and obviously way quicker Thing On Wed, 23 Oct 2002 00:25, Garry Byrne wrote: We are converting our main mail/web server over from a Susie box to Debian. Under Susie ownership on /home/client are client.users and the standard debian is client.client We have around 3000 clients so we will be adding an extra 3000 groups to keep with the standard Debian client.client Can anyone see this as a problem? having a large group file? Thanks Garry
Re: Converting /home/* from Susie to Debian
At 06:40 AM 10/23/2002 +1300, Thing wrote: write a script? way more reliable and obviously way quicker Thanks, yes I agree, we have already written a couple of scripts to import the various info we need brought across. I've decided to stay with client.one-group. Thanks all who replied, I'll put Susie to bed now:) Cheers Garry On Wed, 23 Oct 2002 00:25, Garry Byrne wrote: We are converting our main mail/web server over from a Susie box to Debian. Under Susie ownership on /home/client are client.users and the standard debian is client.client We have around 3000 clients so we will be adding an extra 3000 groups to keep with the standard Debian client.client Can anyone see this as a problem? having a large group file? Thanks Garry -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]