[HPADM] On dealing with UID and GID values in a mixed-OS environment

From: David L Kindred (Dave) (d.kindred@telesciences.com)
Date: Tue Aug 27 2002 - 14:45:39 EDT


As some of you have noticed, I have sent this message to multiple lists
in order to build a cross-platform answer. I request that readers on
all lists follow the "send all responses to the originator and have him
post a summary" mode of several of these lists in all cases.

I have reached the point where I am tired of dealing with the collisions
between UID and GID assignments between all of the Unix and Unix-like
systems of various vintages on my network (currently multiple versions
of SunOS, Solaris, HP-UX, Linux, and LynxOS). As part of a project to
deploy a new file server we have budgeted time to do all of the work
necessary to change our UID and GID assignments to make all of the
systems play together better.

I am particularly looking for input from those of you who have Unix or
Unix-like systems that I don't have, as it is likely I will have some
of them soon.

I need your help in identifying as many of the following as I can, to
hopefully get this "right" the first time. Of course if there is
already a suitable reference work containing this information I would
love to know about it. I don't recall ever seeing anything on this
topic, but then again I haven't had time to read the whole Wide World
Web.

My questions:

1) What range of UID and GID values is considered "privileged" by the
   various operating systems?

   I know that many (most? all?) treat values under 100 (or is that
   INCLUDING 100?) as "privileged". Are there any exceptions?

2) There is some agreement, but still some disagreement between the
   values assigned for supposed "well-known" UID and GID values
   (e.g. "ftp"). Is there any attempt to standardize these? Should I
   attempt to standardize these, or is it not worth the effort?

3) What range (or at least starting point) do the various operating
   systems use when assigning "local" accounts? (Of particular interest
   are those UIDs and GIDs assigned during the installation process).

   I know that older systems seemed to start at (or near) 100. I know
   that RedHat Linux systems start at 500. At the moment I don't have
   any HP-UX or Solaris systems not already running NIS, so I can't
   readily test what they would do.

4) The RedHat "User Local Group" concept has both good and bad points.
   Has it been successfully used in a mixed-OS environment? Does the
   concept work on other Unix and Unix-like systems?

5) Our Engineering department is having some issues with UID and GID in
   deployed systems. In a perfect world, the user name, group name,
   UID, and GID values used by a program, package, or system would all
   be configuration- or run-time settable. In an imperfect world this
   doesn't always work. What are the common or best practices for
   dealing with this? What resources do I point those folks at?

6) Are there any published "best practices" on UID and GID assignment?

   If there aren't, should I start with the results of this survey and try
   to compile something?

I thank all of you who are willing to help for your time.

Dave

-- 
David L. Kindred <mailto:d.kindred@telesciences.com>
Unix Systems & Network Administrator
Telesciences, Inc. <http://www.telesciences.com>
Support: <http://support.telesciences.com>
2000 Midlantic Drive, Suite 410, Mt. Laurel, NJ 08054
Tel: +1.856.866.1000 ext. 4184
Fax: +1.856.866.0185
Cel: +1.609.413.6205
Pgr: +1.800.689.5182
SMS: <mailto:davidlkindred@vtext.com>
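
An added example, not part of the original message: one way to inventory the UID collisions described above before renumbering, by comparing passwd(5)-format files collected from each host. The host names, account names and file contents are constructed sample data; the same approach applies to group files and GIDs. It matters for access control because a file server that records ownership by numeric UID will treat two different accounts sharing a UID as the same owner.

```python
from collections import defaultdict

# Constructed passwd(5)-format samples from three hypothetical hosts.
SAMPLE_HOSTS = {
    "sun1": "root:x:0:1:Super-User:/:/sbin/sh\n"
            "alice:x:101:10::/home/alice:/bin/ksh\n"
            "bob:x:102:10::/home/bob:/bin/ksh\n",
    "hpux1": "root:*:0:3::/:/sbin/sh\n"
             "alice:*:101:20::/home/alice:/usr/bin/ksh\n"
             "carol:*:102:20::/home/carol:/usr/bin/ksh\n"
             "+::::::\n",  # NIS compat marker, not a local account
    "linux1": "root:x:0:0:root:/root:/bin/bash\n"
              "alice:x:500:500::/home/alice:/bin/bash\n",
}


def parse_passwd(text):
    """Yield (name, uid) for each well-formed local entry."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or fields[0][:1] in ("", "#", "+", "-"):
            continue  # blank, comment, NIS include/exclude, or malformed
        if fields[2].isdigit():
            yield fields[0], int(fields[2])


def find_conflicts(hosts):
    """Return (uid_conflicts, name_conflicts) across all hosts."""
    by_uid = defaultdict(lambda: defaultdict(list))   # uid -> name -> [hosts]
    by_name = defaultdict(lambda: defaultdict(list))  # name -> uid -> [hosts]
    for host, text in sorted(hosts.items()):
        for name, uid in parse_passwd(text):
            by_uid[uid][name].append(host)
            by_name[name][uid].append(host)
    # A UID used by more than one account name, or a name with more than one UID.
    uid_conflicts = {u: dict(n) for u, n in by_uid.items() if len(n) > 1}
    name_conflicts = {n: dict(u) for n, u in by_name.items() if len(u) > 1}
    return uid_conflicts, name_conflicts


if __name__ == "__main__":
    uid_conflicts, name_conflicts = find_conflicts(SAMPLE_HOSTS)
    for uid, names in sorted(uid_conflicts.items()):
        print(f"UID {uid} maps to different accounts: {names}")
    for name, uids in sorted(name_conflicts.items()):
        print(f"account {name!r} has different UIDs: {uids}")
```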