Difference: AuthComponentLegacy (2 vs. 3)

Revision 32012-02-14 - idurkacz

Line: 1 to 1
 
META TOPICPARENT name="DocsForLCFGUsers"

Using the auth component

Line: 17 to 17
 Prior to version 1.0.0 of the LCFG auth component there was only a very simple way to add new users to the passwd file. It had to be done like this:
Changed:
<
<
auth.extrapasswd mSET(lcfg)
>
>
auth.extrapasswd mADD(lcfg)
 auth.pwent_lcfg lcfg:x:980:980:LCFG user:/tmp:/bin/false
Line: 44 to 44
 Prior to version 1.0.0 of the LCFG auth component there was only a very simple way to add new groups to the group file. It had to be done like this:
Changed:
<
<
auth.extragroup mSET(lcfg)
>
>
auth.extragroup mADD(lcfg)
 auth.grpent_lcfg mSET(lcfg:x:980:)
Line: 73 to 73
 

Local UID/GID range

Changed:
<
<
On Linux systems the UID/GID range from 0 to 1000 is generally considered to be for "system" and other "local" accounts for specific software. On Redhat/Fedora based systems there are a number of important system accounts using UIDs from 0 through to about 100 which are statically specified in the stub /etc/passwd and /etc/group= files (which are provided as part of the setup package). All other Redhat packages which need UIDs and GIDs are expected to use post-install scripts to select the next free ID counting down from 499.
>
>
On Linux systems the UID/GID range from 0 to 1000 is generally considered to be for "system" and other "local" accounts for specific software. On Redhat/Fedora based systems there are a number of important system accounts using UIDs from 0 through to about 100 which are statically specified in the stub /etc/passwd and /etc/group files (which are provided as part of the setup package). All other Redhat packages which need UIDs and GIDs are expected to use post-install scripts to select the next free ID counting down from 499.
  Unlike the Redhat approach for these dynamically selected IDs, with LCFG we have chosen to use an approach where the IDs are consistent across all machines for a particular platform. This means that whenever a new package is installed it will first have to be delegated the necessary UIDs and GIDs. These are configured using the LCFG auth component and are specified in the /lcfg/options/localaccounts.h header file. Note that header file only contains the metadata for each passwd or group entry, it does not actually add anything to a system, that should be done in the service-specific header.
Changed:
<
<
Also, unlike Redhat we have chosen to count down from 700 to give us a larger range within which to work. The range from 700 to 1000 is considered to be reserved for truly local usage within an individual unit. The exceptions to this rule are where some long-time accepted UIDs and GIDs have already been placed in that range due to the heritage of the configuration (e.g. it originally came from Informatics).
>
>
Also, unlike Redhat we have chosen to count down from 700 to give us a larger range within which to work. The range from 700 to 1000 is considered to be reserved for truly local usage within an individual site. The exceptions to this rule are where some long-time accepted UIDs and GIDs have already been placed in that range due to the heritage of the configuration (e.g. it originally came from Informatics).
 

Summary of Usage

 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback