Contents of /xml/htdocs/proj/en/glep/glep-0027.html


Revision 1.7
Sun Oct 14 17:00:15 2007 UTC (7 years ago) by antarus
Branch: MAIN
Changes since 1.6: +4 -251 lines
File MIME type: text/html
the canary on 53 went well, changing the rest

1 g2boojum 1.1 <?xml version="1.0" encoding="utf-8" ?>
2     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3     <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4 antarus 1.7
5 g2boojum 1.1 <head>
6     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7 g2boojum 1.5 <meta name="generator" content="Docutils 0.4: http://docutils.sourceforge.net/" />
8 g2boojum 1.1 <title>GLEP 27 -- Portage Management of UIDs/GIDs</title>
9 antarus 1.7 <link rel="stylesheet" href="tools/glep.css" type="text/css" />
10 g2boojum 1.1 </head>
11     <body bgcolor="white">
12     <table class="navigation" cellpadding="0" cellspacing="0"
13     width="100%" border="0">
14     <tr><td class="navicon" width="150" height="35">
15     <a href="http://www.gentoo.org/" title="Gentoo Linux Home Page">
16     <img src="http://www.gentoo.org/images/gentoo-new.gif" alt="[Gentoo]"
17     border="0" width="150" height="35" /></a></td>
18     <td class="textlinks" align="left">
19     [<b><a href="http://www.gentoo.org/">Gentoo Linux Home</a></b>]
20 antarus 1.7 [<b><a href="http://www.gentoo.org/proj/en/glep">GLEP Index</a></b>]
21 g2boojum 1.5 [<b><a href="http://www.gentoo.org/proj/en/glep/glep-0027.txt">GLEP Source</a></b>]
22 g2boojum 1.1 </td></tr></table>
23 vapier 1.3 <table class="rfc2822 docutils field-list" frame="void" rules="none">
24 g2boojum 1.1 <col class="field-name" />
25     <col class="field-body" />
26     <tbody valign="top">
27     <tr class="field"><th class="field-name">GLEP:</th><td class="field-body">27</td>
28     </tr>
29     <tr class="field"><th class="field-name">Title:</th><td class="field-body">Portage Management of UIDs/GIDs</td>
30     </tr>
31 g2boojum 1.5 <tr class="field"><th class="field-name">Version:</th><td class="field-body">1.5</td>
32 g2boojum 1.1 </tr>
33 g2boojum 1.5 <tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0027.txt?cvsroot=gentoo">2005/09/18 20:48:23</a></td>
34 g2boojum 1.1 </tr>
35     <tr class="field"><th class="field-name">Author:</th><td class="field-body">Mike Frysinger &lt;vapier&#32;&#97;t&#32;gentoo.org&gt;</td>
36     </tr>
37 vapier 1.4 <tr class="field"><th class="field-name">Status:</th><td class="field-body">Approved</td>
38 g2boojum 1.1 </tr>
39     <tr class="field"><th class="field-name">Type:</th><td class="field-body">Standards Track</td>
40     </tr>
41 g2boojum 1.5 <tr class="field"><th class="field-name">Content-Type:</th><td class="field-body"><a class="reference" href="glep-0002.html">text/x-rst</a></td>
42 g2boojum 1.1 </tr>
43     <tr class="field"><th class="field-name">Created:</th><td class="field-body">29 May 2004</td>
44     </tr>
45 g2boojum 1.2 <tr class="field"><th class="field-name">Post-History:</th><td class="field-body">29-May-2004, 20-Jul-2004</td>
46 g2boojum 1.1 </tr>
47     </tbody>
48     </table>
49     <hr />
50 g2boojum 1.5 <div class="contents topic">
51     <p class="topic-title first"><a id="contents" name="contents">Contents</a></p>
52 g2boojum 1.1 <ul class="simple">
53 g2boojum 1.2 <li><a class="reference" href="#status" id="id2" name="id2">Status</a></li>
54     <li><a class="reference" href="#abstract" id="id3" name="id3">Abstract</a></li>
55     <li><a class="reference" href="#motivation" id="id4" name="id4">Motivation</a></li>
56     <li><a class="reference" href="#specification" id="id5" name="id5">Specification</a><ul>
57     <li><a class="reference" href="#portage-structure" id="id6" name="id6">Portage Structure</a><ul>
58     <li><a class="reference" href="#defining-accounts" id="id7" name="id7">Defining Accounts</a></li>
59     <li><a class="reference" href="#local-overrides" id="id8" name="id8">Local Overrides</a></li>
60 g2boojum 1.1 </ul>
61     </li>
62 g2boojum 1.2 <li><a class="reference" href="#developer-interface" id="id9" name="id9">Developer Interface</a><ul>
63     <li><a class="reference" href="#eusers-egroups" id="id10" name="id10">EUSERS + EGROUPS</a></li>
64     <li><a class="reference" href="#id1" id="id11" name="id11">Defining Accounts</a></li>
65 g2boojum 1.1 </ul>
66     </li>
67 g2boojum 1.2 <li><a class="reference" href="#user-interface" id="id12" name="id12">User Interface</a><ul>
68     <li><a class="reference" href="#users-update" id="id13" name="id13">users-update</a></li>
69     <li><a class="reference" href="#features-noautoaccts" id="id14" name="id14">FEATURES=noautoaccts</a></li>
70 g2boojum 1.1 </ul>
71     </li>
72     </ul>
73     </li>
74 g2boojum 1.2 <li><a class="reference" href="#rationale" id="id15" name="id15">Rationale</a></li>
75     <li><a class="reference" href="#backwards-compatibility" id="id16" name="id16">Backwards Compatibility</a></li>
76     <li><a class="reference" href="#references" id="id17" name="id17">References</a></li>
77     <li><a class="reference" href="#copyright" id="id18" name="id18">Copyright</a></li>
78 g2boojum 1.1 </ul>
79     </div>
80 g2boojum 1.5 <div class="section">
81     <h1><a class="toc-backref" href="#id2" id="status" name="status">Status</a></h1>
82 g2boojum 1.2 <p>This GLEP was approved as-is on 14-Jun-2004.</p>
83     </div>
84 g2boojum 1.5 <div class="section">
85     <h1><a class="toc-backref" href="#id3" id="abstract" name="abstract">Abstract</a></h1>
86     <p>The current handling of users and groups in the portage system lacks
87     policy and a decent API. We need an API that is both simple for
88 g2boojum 1.1 developers and end users.</p>
89     </div>
90 g2boojum 1.5 <div class="section">
91     <h1><a class="toc-backref" href="#id4" id="motivation" name="motivation">Motivation</a></h1>
92     <p>Currently the policy is left up to respective ebuild maintainers to
93     choose the username, id, shell settings, etc... and to have them added
94     in the right place at the right time in the right way. When the
95     addition of users was found to often have broken logic, the
96     enewuser and enewgroup functions were designed to remove all the
97     details. However, these functions still suffer from some fundamental
98     problems. First, there is no local customization. Second, maintainers
99     still use the functions improperly (binary packages have suffered the
100     most thus far). Third, the functions are not portable across non-Linux
101     systems and not friendly to cross-compiling or other exotic setups.
102     There are other reasons, but these listed few are enough to warrant
103 g2boojum 1.1 change.</p>
104     </div>
105 g2boojum 1.5 <div class="section">
106     <h1><a class="toc-backref" href="#id5" id="specification" name="specification">Specification</a></h1>
107     <div class="section">
108     <h2><a class="toc-backref" href="#id6" id="portage-structure" name="portage-structure">Portage Structure</a></h2>
109     <div class="section">
110     <h3><a class="toc-backref" href="#id7" id="defining-accounts" name="defining-accounts">Defining Accounts</a></h3>
111     <p>New directories will need to be added to the rsync tree to store the files
112     that define the default values for new accounts. They will be stored on a
113     per-profile basis, that way sub-profiles may easily override parent profiles.
114     The default location will be the base profile since all other profiles inherit
115 vapier 1.3 from there.</p>
116 g2boojum 1.1 <pre class="literal-block">
117 vapier 1.3 portage/profiles/base/accounts/
118     user/&lt;username&gt;
119     group/&lt;groupname&gt;
120     accounts
121 g2boojum 1.1 </pre>
122 g2boojum 1.5 <p>The files are named with the respective user/group name since they need
123     to be unique in their respective domains. For example, the file
124     detailing the ntp user would be located at accounts/user/ntp. Each
125     username file will detail the required information about each user.
126     Certain account features that exist on one class of systems (Linux) but
127     not on others (*BSD) can be redefined in their respective subprofiles. Each
128     groupname will follow similar guidelines. The accounts file will be used to
129     describe global account defaults such as the default range of 'valid system'
130     ids. For example, if the UID 123 is already used on a system, but the ntp
131     user defaults to '123', we obviously cannot just duplicate it. So we
132     would select the next available UID on the system based upon the range
133 g2boojum 1.1 defined here.</p>
134     </div>
135 g2boojum 1.5 <div class="section">
136     <h3><a class="toc-backref" href="#id8" id="local-overrides" name="local-overrides">Local Overrides</a></h3>
137     <p>Following the tried and true style of custom local portage files being
138     found in /etc/portage, this new system will follow the same. Users can
139     set up their own directory hierarchy in /etc/portage/profile/accounts/ that
140     mimics the hierarchy found in the portage tree. When portage attempts to add
141     a new user, it will first check /etc/portage/profile/accounts/user/&lt;username&gt;.
142     If it does not exist, it will simply use the default definition in the
143 g2boojum 1.1 portage tree.</p>
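<p>Added example, not part of the GLEP or of Portage's code: the override lookup and the UID collision rule from the two sections above, run against a constructed tree. The key=value file format, the uid_min/uid_max keys, the examplesvc account, the name check and reading "next available" as "lowest free id in the range" are all assumptions.</p>

```python
import re
import tempfile
from pathlib import Path

NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")  # a name must not escape accounts/user/

def parse_kv(text):
    """Parse the assumed 'key=value' format; '#' starts a comment line."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def load_user(name, tree, local):
    """Return (source, definition); the local override wins when it exists."""
    if not NAME_RE.match(name):
        raise ValueError(f"unsafe account name: {name!r}")
    for source, root in (("local", local), ("tree", tree)):
        path = Path(root) / "user" / name
        if path.is_file():
            return source, parse_kv(path.read_text())
    raise LookupError(f"no account definition for {name}")

def pick_uid(preferred, used, lo, hi):
    """Keep the preferred UID when it is free, else take the lowest free one in range."""
    if preferred not in used:
        return preferred
    for uid in range(lo, hi + 1):
        if uid not in used:
            return uid
    raise RuntimeError("system UID range exhausted")

def demo():
    # Constructed stand-ins for profiles/base/accounts and /etc/portage/profile/accounts.
    with tempfile.TemporaryDirectory() as tmp:
        tree, local = Path(tmp, "tree/accounts"), Path(tmp, "etc/accounts")
        for root in (tree, local):
            (root / "user").mkdir(parents=True)
        (tree / "accounts").write_text("uid_min=100\nuid_max=499\n")
        (tree / "user/ntp").write_text("uid=123\nshell=/bin/false\n")
        (tree / "user/examplesvc").write_text("uid=102\nshell=/bin/false\n")
        (local / "user/ntp").write_text("uid=123\nshell=/sbin/nologin\n")
        limits = parse_kv((tree / "accounts").read_text())
        lo, hi = int(limits["uid_min"]), int(limits["uid_max"])
        used = {0, 100, 101, 123}  # constructed: UIDs already taken on this system
        out = {}
        for name in ("ntp", "examplesvc"):
            source, d = load_user(name, tree, local)
            uid = pick_uid(int(d["uid"]), used, lo, hi)
            used.add(uid)  # later accounts must not reuse an id handed out here
            out[name] = (source, d["shell"], uid)
        return out
```

<p>A real implementation would take the set of used ids from the system account database rather than a literal.</p>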
144     </div>
145     </div>
146 g2boojum 1.5 <div class="section">
147     <h2><a class="toc-backref" href="#id9" id="developer-interface" name="developer-interface">Developer Interface</a></h2>
148     <div class="section">
149     <h3><a class="toc-backref" href="#id10" id="eusers-egroups" name="eusers-egroups">EUSERS + EGROUPS</a></h3>
150     <p>Ebuilds that wish to add users or groups to the system must set these
151     variables. They are both space-delimited lists that tell portage what
152     users/groups must be added to the system before emerging the ebuild. The
153     maintainer of the ebuild can assume the users/groups they have listed
154     exist before the functions in the ebuild (pkg_setup, src_install, etc...)
155 g2boojum 1.1 are ever run.</p>
156     </div>
157 g2boojum 1.5 <div class="section">
158     <h3><a class="toc-backref" href="#id11" id="id1" name="id1">Defining Accounts</a></h3>
159     <p>Any developer is free to add users/groups in their ebuilds provided they
160 g2boojum 1.1 create the required account definition files.</p>
161     </div>
162     </div>
163 g2boojum 1.5 <div class="section">
164     <h2><a class="toc-backref" href="#id12" id="user-interface" name="user-interface">User Interface</a></h2>
165     <div class="section">
166     <h3><a class="toc-backref" href="#id13" id="users-update" name="users-update">users-update</a></h3>
167     <p>When this script is run, all the users/groups that have been added by
168     portage to the system will be shown along with the packages that have
169     added said users/groups. Here they can delete accounts that are no longer
170     required by the currently installed packages (and optionally run a
171     script that will try to locate all files on the system that may still be
172 g2boojum 1.1 owned by the account).</p>
173     </div>
174 g2boojum 1.5 <div class="section">
175     <h3><a class="toc-backref" href="#id14" id="features-noautoaccts" name="features-noautoaccts">FEATURES=noautoaccts</a></h3>
176     <p>This is for the people who never want portage creating accounts for them.
177     When portage needs to add an account to the system but &quot;noautoaccts&quot; is
178     in FEATURES, portage will abort with a message instructing the user to
179     add the accounts that are listed in EUSERS and EGROUPS. This is
180 g2boojum 1.1 obviously a required step before the package will be emerged.</p>
181     </div>
182     </div>
183     </div>
184 g2boojum 1.5 <div class="section">
185     <h1><a class="toc-backref" href="#id15" id="rationale" name="rationale">Rationale</a></h1>
186     <p>Developers no longer have to worry about how to properly add users/groups
187     to systems and worry about whether or not their code will work on all
188     systems (LDAP vs local shadow vs cross compile vs etc...). Users can
189     easily override the defaults Gentoo has previously dictated. The default
190     passwd and group database can once again be trimmed down to the barest of
191 g2boojum 1.1 accounts.</p>
192     </div>
193 g2boojum 1.5 <div class="section">
194     <h1><a class="toc-backref" href="#id16" id="backwards-compatibility" name="backwards-compatibility">Backwards Compatibility</a></h1>
195     <p>Handled in a similar fashion to other portage rollouts. When using the new
196     account system, add a DEPEND for the required version of portage to the
197 g2boojum 1.1 ebuild.</p>
198     </div>
199 g2boojum 1.5 <div class="section">
200     <h1><a class="toc-backref" href="#id17" id="references" name="references">References</a></h1>
201 vapier 1.3 <table class="docutils footnote" frame="void" id="apibug" rules="none">
202 g2boojum 1.1 <colgroup><col class="label" /><col /></colgroup>
203     <tbody valign="top">
204     <tr><td class="label"><a name="apibug">[1]</a></td><td><a class="reference" href="http://bugs.gentoo.org/show_bug.cgi?id=8634">http://bugs.gentoo.org/show_bug.cgi?id=8634</a></td></tr>
205     </tbody>
206     </table>
207     </div>
208 g2boojum 1.5 <div class="section">
209     <h1><a class="toc-backref" href="#id18" id="copyright" name="copyright">Copyright</a></h1>
210 g2boojum 1.1 <p>This document has been placed in the public domain.</p>
211     </div>
212 vapier 1.3
213 g2boojum 1.1 </div>
214 vapier 1.3 <div class="footer">
215 g2boojum 1.2 <hr class="footer" />
216 g2boojum 1.1 <a class="reference" href="glep-0027.txt">View document source</a>.
217 antarus 1.7 Generated on: 2007-10-13 13:39 UTC.
218 g2boojum 1.1 Generated by <a class="reference" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
219 vapier 1.3
220 g2boojum 1.1 </div>
221     </body>
222     </html>