[Triumf-linux-managers] TRIUMF Legacy UIDs - new RPM
Andrew Daviel
advax at triumf.ca
Fri Nov 26 16:37:38 PST 2010
Precis: Please install the RPM "triumf-uid_min" (from the TRIUMF
repository) on current and future Linux systems using NFS or NIS.

Details:

TRIUMF maintains a master list of Unix user IDs, dating back to Ultrix
on DecStations. This is used to coordinate UIDs when NFS or NIS is used.
The list is available at
http://legacyweb.triumf.ca/internal/users/uic_master_list.txt
(Requests for new TRIUMF user IDs for the compute cluster etc. should go
to CCN via helpdesk, as before)

For historical reasons, we have many UIDs below 500, which is the current
RedHat base on new systems.

I recently realized that software packages using chroot() create a
nonprivileged working account with "useradd -r" at installation time.
This creates an account below UID_MIN, nominally 500 (defined in
/etc/login.defs).
This creates a potential conflict, if a package is installed and
subsequently a user record is imported from NIS or LDAP using the same
UID.

We have moved existing active accounts on trshare and the trcomp cluster
from below 245, and recommend, where NIS or NFS is used with standard
UICs, that UID_MIN be changed to 245. This is best done with "yum install
triumf-uid_min".

However, where TRIUMF UICs are not used, but new accounts are added with
default values (with UIC monotonically increasing from UID_MIN), we
recommend not installing this RPM. Otherwise new accounts will be created
starting at 245.

We hope in future to move all remaining active accounts from below 500.
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager
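The conflict described in the message can be checked for before a directory import. The script below is an added example, not part of the original message or of the triumf-uid_min RPM: it compares a local passwd file with a directory export and lists directory accounts that sit below UID_MIN. It assumes the directory export is in passwd(5) format (for instance saved from `ypcat passwd`); the file names and sample accounts are constructed.

```shell
#!/bin/sh
# Added example. File names and sample accounts below are constructed.

# uid_min FILE: print UID_MIN from a login.defs-style file (500 if unset).
uid_min() {
    awk '$1 == "UID_MIN" { v = $2 } END { print (v == "" ? 500 : v) }' "$1"
}

# uid_conflicts LOCAL DIRECTORY: both files in passwd(5) format.
# Prints "uid local_name directory_name" where one UID maps to two names.
uid_conflicts() {
    awk -F: '
        FILENAME == ARGV[1] { if (!($3 in dir)) dir[$3] = $1; next }
        ($3 in dir) && dir[$3] != $1 { print $3, $1, dir[$3] }
    ' "$2" "$1" | sort -n
}

# at_risk LOGIN_DEFS DIRECTORY: directory accounts whose UID lies below
# UID_MIN, the range in which "useradd -r" creates accounts per the message.
at_risk() {
    awk -F: -v min="$(uid_min "$1")" \
        '$3 + 0 > 0 && $3 + 0 < min + 0 { print $3, $1 }' "$2" | sort -n
}

# make_samples DIR: write constructed sample files for a dry run.
make_samples() {
    printf 'UID_MIN\t\t500\n' > "$1/login.defs"
    # svcjail stands in for a package account created with "useradd -r".
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'svcjail:x:498:498::/var/empty:/sbin/nologin' \
        'alice:x:300:300::/home/alice:/bin/bash' > "$1/passwd.local"
    printf '%s\n' 'alice:x:300:300::/home/alice:/bin/bash' \
        'bob:x:498:100::/home/bob:/bin/bash' \
        'carol:x:1200:100::/home/carol:/bin/bash' > "$1/passwd.directory"
}

d=$(mktemp -d) && make_samples "$d"
echo "UID held by two different names (uid local directory):"
uid_conflicts "$d/passwd.local" "$d/passwd.directory"
echo "Directory accounts below UID_MIN=$(uid_min "$d/login.defs"):"
at_risk "$d/login.defs" "$d/passwd.directory"
rm -rf "$d"
```

With UID_MIN lowered to 245, as the message recommends for hosts using the standard UICs, the same directory accounts no longer fall in the system range and `at_risk` prints nothing for this sample.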