Subject: Re: pkg added accounts and YP/NIS
To: grant beattie <grant@NetBSD.org>
From: Johnny C. Lam <jlam@NetBSD.org>
Date: 02/24/2005 10:20:29
grant beattie wrote:
> On Wed, Feb 23, 2005 at 03:00:14PM -0500, Johnny Lam wrote:
>>J.T. Conklin wrote:
>>>I'm using YP/NIS for centralized account management, and just noticed
>>>various packages have added new accounts that just happen to have the
>>>same uid/gid as "real" accounts. (Actually, it appears that packages
>>>are picking the next free uid; the conflict occurs when the NIS admin
>>>adds a new user, having no idea that a uid has been assigned).
>>>Is there a way to restrict the package infrastructure to select uid's
>>>from a "local" range?
>>The package install scripts use user(8) to create the new users, and I
>>think you can create an /etc/usermgmt.conf file to specify the range of
>>uids from which you'd like for user(8) to allocate. See
>>usermgmt.conf(5) for more information.
> that helps on NetBSD, but we should probably come up with a more
> general solution...
There are no cross-platform useradd tools that we can use, and there is
no deep yearning within me to write wrappers around each platform's
native user management tools, so if a NetBSD-compatible user(8) and
group(8) don't exist, then that platform should default to
PKG_CREATE_USERGROUP=no so that the admin is prompted at pre-install
time to create the users/groups manually. On my own NetBSD systems, I
default to PKG_CREATE_USERGROUP=no anyway just so I can more precisely
control the uids and gids allocated on my systems.
-- Johnny Lam <jlam@NetBSD.org>