2008/507 [ OpenLDAP for OpenSolaris]
Nicolas Williams
Nicolas.Williams at sun.com
Thu Aug 7 15:52:07 PDT 2008
On Thu, Aug 07, 2008 at 05:22:19PM -0500, Nicolas Williams wrote:
> On Thu, Aug 07, 2008 at 03:16:39PM -0700, Glenn Skinner wrote:
> > Is it really necessary to allocate another user:group pair from our
> > dwindling stock of reserved values? Would it be possible to share one
> > of the already allocated entries from the reserved part of the name
> > space?
>
> My impression (please correct me if I'm wrong) is that with IPS the UIDs
> and GIDs can be allocated dynamically and that most pkgs that install
> local users/groups will often not be installed by the user anyways.
I've confirmed this with Dave Miner.
That still won't save us should users want to install everything
available from the repository and should we run out of UIDs and GIDs
reserved for the OS. Should it come to it I suppose IPS could ask the
user to provide a suitable range of UIDs/GIDs for use for this.
Alternatively we could explore use of ephemeral UIDs/GIDs for this.
But none of that is this case.
I think the answer to your first question is "yes."
I don't know how to answer your second question. Perhaps things like
DNS servers, OpenDS, OpenLDAP, ... all could share one account and use
zones to avoid sharing resources amongst them. That too is "not this
case."
In other words, I don't have really satisfying answers to your
questions.
IPS will alleviate the pressure, perhaps enough so that we can dodge
this matter indefinitely. Heck, OpenSolaris being a sort of Major
release I suppose we could even dodge this by increasing the set of
UIDs/GIDs set aside for OS users/groups! (No, I'm not proposing that).
Nico
--
More information about the opensolaris-arc
mailing list