/[gentoo]/xml/htdocs/proj/en/glep/glep-0027.html
Gentoo

Contents of /xml/htdocs/proj/en/glep/glep-0027.html

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.5 - (show annotations) (download) (as text)
Tue Oct 10 20:25:14 2006 UTC (7 years, 10 months ago) by g2boojum
Branch: MAIN
Changes since 1.4: +343 -100 lines
File MIME type: text/html
regenerate all .html files

1 <?xml version="1.0" encoding="utf-8" ?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4 <!--
5 This HTML is auto-generated. DO NOT EDIT THIS FILE! If you are writing a new
6 PEP, see http://www.python.org/peps/pep-0001.html for instructions and links
7 to templates. DO NOT USE THIS HTML FILE AS YOUR TEMPLATE!
8 -->
9 <head>
10 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
11 <meta name="generator" content="Docutils 0.4: http://docutils.sourceforge.net/" />
12 <title>GLEP 27 -- Portage Management of UIDs/GIDs</title>
13 <style type="text/css">
14
15 /*
16 :Author: David Goodger
17 :Contact: goodger@users.sourceforge.net
18 :date: $Date: 2003/06/02 17:03:08 $
19 :version: $Revision: 1.1 $
20 :copyright: This stylesheet has been placed in the public domain.
21
22 Default cascading style sheet for the PEP HTML output of Docutils.
23 */
24
25 .first {
26 margin-top: 0 }
27
28 .last {
29 margin-bottom: 0 }
30
31 .navigation {
32 width: 100% ;
33 background: #cc99ff ;
34 margin-top: 0px ;
35 margin-bottom: 0px }
36
37 .navigation .navicon {
38 width: 150px ;
39 height: 35px }
40
41 .navigation .textlinks {
42 padding-left: 1em ;
43 text-align: left }
44
45 .navigation td, .navigation th {
46 padding-left: 0em ;
47 padding-right: 0em ;
48 vertical-align: middle }
49
50 .rfc2822 {
51 margin-top: 0.5em ;
52 margin-left: 0.5em ;
53 margin-right: 0.5em ;
54 margin-bottom: 0em }
55
56 .rfc2822 td {
57 text-align: left }
58
59 .rfc2822 th.field-name {
60 text-align: right ;
61 font-family: sans-serif ;
62 padding-right: 0.5em ;
63 font-weight: bold ;
64 margin-bottom: 0em }
65
66 a.toc-backref {
67 text-decoration: none ;
68 color: black }
69
70 body {
71 margin: 0px ;
72 margin-bottom: 1em ;
73 padding: 0px }
74
75 dd {
76 margin-bottom: 0.5em }
77
78 div.section {
79 margin-left: 1em ;
80 margin-right: 1em ;
81 margin-bottom: 1.5em }
82
83 div.section div.section {
84 margin-left: 0em ;
85 margin-right: 0em ;
86 margin-top: 1.5em }
87
88 div.abstract {
89 margin: 2em 5em }
90
91 div.abstract p.topic-title {
92 font-weight: bold ;
93 text-align: center }
94
95 div.attention, div.caution, div.danger, div.error, div.hint,
96 div.important, div.note, div.tip, div.warning {
97 margin: 2em ;
98 border: medium outset ;
99 padding: 1em }
100
101 div.attention p.admonition-title, div.caution p.admonition-title,
102 div.danger p.admonition-title, div.error p.admonition-title,
103 div.warning p.admonition-title {
104 color: red ;
105 font-weight: bold ;
106 font-family: sans-serif }
107
108 div.hint p.admonition-title, div.important p.admonition-title,
109 div.note p.admonition-title, div.tip p.admonition-title {
110 font-weight: bold ;
111 font-family: sans-serif }
112
113 div.figure {
114 margin-left: 2em }
115
116 div.footer, div.header {
117 font-size: smaller }
118
119 div.footer {
120 margin-left: 1em ;
121 margin-right: 1em }
122
123 div.system-messages {
124 margin: 5em }
125
126 div.system-messages h1 {
127 color: red }
128
129 div.system-message {
130 border: medium outset ;
131 padding: 1em }
132
133 div.system-message p.system-message-title {
134 color: red ;
135 font-weight: bold }
136
137 div.topic {
138 margin: 2em }
139
140 h1 {
141 font-family: sans-serif ;
142 font-size: large }
143
144 h2 {
145 font-family: sans-serif ;
146 font-size: medium }
147
148 h3 {
149 font-family: sans-serif ;
150 font-size: small }
151
152 h4 {
153 font-family: sans-serif ;
154 font-style: italic ;
155 font-size: small }
156
157 h5 {
158 font-family: sans-serif;
159 font-size: x-small }
160
161 h6 {
162 font-family: sans-serif;
163 font-style: italic ;
164 font-size: x-small }
165
166 .section hr {
167 width: 75% }
168
169 ol.simple, ul.simple {
170 margin-bottom: 1em }
171
172 ol.arabic {
173 list-style: decimal }
174
175 ol.loweralpha {
176 list-style: lower-alpha }
177
178 ol.upperalpha {
179 list-style: upper-alpha }
180
181 ol.lowerroman {
182 list-style: lower-roman }
183
184 ol.upperroman {
185 list-style: upper-roman }
186
187 p.caption {
188 font-style: italic }
189
190 p.credits {
191 font-style: italic ;
192 font-size: smaller }
193
194 p.label {
195 white-space: nowrap }
196
197 p.topic-title {
198 font-family: sans-serif ;
199 font-weight: bold }
200
201 pre.line-block {
202 font-family: serif ;
203 font-size: 100% }
204
205 pre.literal-block, pre.doctest-block {
206 margin-left: 2em ;
207 margin-right: 2em ;
208 background-color: #eeeeee }
209
210 span.classifier {
211 font-family: sans-serif ;
212 font-style: oblique }
213
214 span.classifier-delimiter {
215 font-family: sans-serif ;
216 font-weight: bold }
217
218 span.interpreted {
219 font-family: sans-serif }
220
221 span.option-argument {
222 font-style: italic }
223
224 span.pre {
225 white-space: pre }
226
227 span.problematic {
228 color: red }
229
230 table {
231 margin-top: 0.5em ;
232 margin-bottom: 0.5em }
233
234 td, th {
235 padding-left: 0.5em ;
236 padding-right: 0.5em ;
237 vertical-align: top }
238
239 td.num {
240 text-align: right }
241
242 th.field-name {
243 font-weight: bold ;
244 text-align: left ;
245 white-space: nowrap }
246
247 h1 tt, h2 tt, h3 tt, h4 tt, h5 tt, h6 tt {
248 font-size: 100% }
249
250 tt {
251 background-color: #eeeeee }
252
253 ul.auto-toc {
254 list-style-type: none }
255
256 </style>
257 </head>
258 <body bgcolor="white">
259 <table class="navigation" cellpadding="0" cellspacing="0"
260 width="100%" border="0">
261 <tr><td class="navicon" width="150" height="35">
262 <a href="http://www.gentoo.org/" title="Gentoo Linux Home Page">
263 <img src="http://www.gentoo.org/images/gentoo-new.gif" alt="[Gentoo]"
264 border="0" width="150" height="35" /></a></td>
265 <td class="textlinks" align="left">
266 [<b><a href="http://www.gentoo.org/">Gentoo Linux Home</a></b>]
267 [<b><a href="http://www.gentoo.org/peps">GLEP Index</a></b>]
268 [<b><a href="http://www.gentoo.org/proj/en/glep/glep-0027.txt">GLEP Source</a></b>]
269 </td></tr></table>
270 <table class="rfc2822 docutils field-list" frame="void" rules="none">
271 <col class="field-name" />
272 <col class="field-body" />
273 <tbody valign="top">
274 <tr class="field"><th class="field-name">GLEP:</th><td class="field-body">27</td>
275 </tr>
276 <tr class="field"><th class="field-name">Title:</th><td class="field-body">Portage Management of UIDs/GIDs</td>
277 </tr>
278 <tr class="field"><th class="field-name">Version:</th><td class="field-body">1.5</td>
279 </tr>
280 <tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0027.txt?cvsroot=gentoo">2005/09/18 20:48:23</a></td>
281 </tr>
282 <tr class="field"><th class="field-name">Author:</th><td class="field-body">Mike Frysinger &lt;vapier&#32;&#97;t&#32;gentoo.org&gt;</td>
283 </tr>
284 <tr class="field"><th class="field-name">Status:</th><td class="field-body">Approved</td>
285 </tr>
286 <tr class="field"><th class="field-name">Type:</th><td class="field-body">Standards Track</td>
287 </tr>
288 <tr class="field"><th class="field-name">Content-Type:</th><td class="field-body"><a class="reference" href="glep-0002.html">text/x-rst</a></td>
289 </tr>
290 <tr class="field"><th class="field-name">Created:</th><td class="field-body">29 May 2004</td>
291 </tr>
292 <tr class="field"><th class="field-name">Post-History:</th><td class="field-body">29-May-2004, 20-Jul-2004</td>
293 </tr>
294 </tbody>
295 </table>
296 <hr />
297 <div class="contents topic">
298 <p class="topic-title first"><a id="contents" name="contents">Contents</a></p>
299 <ul class="simple">
300 <li><a class="reference" href="#status" id="id2" name="id2">Status</a></li>
301 <li><a class="reference" href="#abstract" id="id3" name="id3">Abstract</a></li>
302 <li><a class="reference" href="#motivation" id="id4" name="id4">Motivation</a></li>
303 <li><a class="reference" href="#specification" id="id5" name="id5">Specification</a><ul>
304 <li><a class="reference" href="#portage-structure" id="id6" name="id6">Portage Structure</a><ul>
305 <li><a class="reference" href="#defining-accounts" id="id7" name="id7">Defining Accounts</a></li>
306 <li><a class="reference" href="#local-overrides" id="id8" name="id8">Local Overrides</a></li>
307 </ul>
308 </li>
309 <li><a class="reference" href="#developer-interface" id="id9" name="id9">Developer Interface</a><ul>
310 <li><a class="reference" href="#eusers-egroups" id="id10" name="id10">EUSERS + EGROUPS</a></li>
311 <li><a class="reference" href="#id1" id="id11" name="id11">Defining Accounts</a></li>
312 </ul>
313 </li>
314 <li><a class="reference" href="#user-interface" id="id12" name="id12">User Interface</a><ul>
315 <li><a class="reference" href="#users-update" id="id13" name="id13">users-update</a></li>
316 <li><a class="reference" href="#features-noautoaccts" id="id14" name="id14">FEATURES=noautoaccts</a></li>
317 </ul>
318 </li>
319 </ul>
320 </li>
321 <li><a class="reference" href="#rationale" id="id15" name="id15">Rationale</a></li>
322 <li><a class="reference" href="#backwards-compatibility" id="id16" name="id16">Backwards Compatibility</a></li>
323 <li><a class="reference" href="#references" id="id17" name="id17">References</a></li>
324 <li><a class="reference" href="#copyright" id="id18" name="id18">Copyright</a></li>
325 </ul>
326 </div>
327 <div class="section">
328 <h1><a class="toc-backref" href="#id2" id="status" name="status">Status</a></h1>
329 <p>This GLEP was approved as-is on 14-Jun-2004.</p>
330 </div>
331 <div class="section">
332 <h1><a class="toc-backref" href="#id3" id="abstract" name="abstract">Abstract</a></h1>
333 <p>The current handling of users and groups in the portage system lacks
334 policy and a decent API. We need an API that is both simple for
335 developers and end users.</p>
336 </div>
337 <div class="section">
338 <h1><a class="toc-backref" href="#id4" id="motivation" name="motivation">Motivation</a></h1>
339 <p>Currently the policy is left up to respective ebuild maintainers to
340 choose the username, id, shell settings, etc... and to have them added
341 in the right place at the right time in the right way. When the
342 addition of users was found to often times have broken logic, the
343 enewuser and enewgroup functions were designed to remove all the
344 details. However, these functions still suffer from some fundamental
345 problems. First, there is no local customization. Second, maintainers
346 still use the functions improperly (binary packages have suffered the
347 most thus far). Third, the functions are not portable across non-linux
348 systems and not friendly to cross compiling or other exotic setups.
349 There are other reasons, but these listed few are enough to warrant
350 change.</p>
351 </div>
352 <div class="section">
353 <h1><a class="toc-backref" href="#id5" id="specification" name="specification">Specification</a></h1>
354 <div class="section">
355 <h2><a class="toc-backref" href="#id6" id="portage-structure" name="portage-structure">Portage Structure</a></h2>
356 <div class="section">
357 <h3><a class="toc-backref" href="#id7" id="defining-accounts" name="defining-accounts">Defining Accounts</a></h3>
358 <p>New directories will need to be added to the rsync tree to store the files
359 that define the default values for new accounts. They will be stored on a
360 per-profile basis, that way sub-profiles may easily override parent profiles.
361 The default location will be the base profile since all other profiles inherit
362 from there.</p>
363 <pre class="literal-block">
364 portage/profiles/base/accounts/
365 user/&lt;username&gt;
366 group/&lt;groupname&gt;
367 accounts
368 </pre>
369 <p>The files are named with the respective user/group name since they need
370 to be unique in their respective domains. For example, the file
371 detailing the ntp user would be located accounts/user/ntp. Each
372 username file will detail the required information about each user.
373 Certain account features that exist on one class of systems (Linux) but
374 not on others (*BSD) can be redefined in their respective subprofiles. Each
375 groupname will follow similar guidelines. The accounts file will be used to
376 describe global account defaults such as the default range of 'valid system'
377 ids. For example, if the UID 123 is already used on a system, but the ntp
378 user defaults to '123', we obviously cannot just duplicate it. So we
379 would select the next available UID on the system based upon the range
380 defined here.</p>
381 </div>
382 <div class="section">
383 <h3><a class="toc-backref" href="#id8" id="local-overrides" name="local-overrides">Local Overrides</a></h3>
384 <p>Following the tried and true style of custom local portage files being
385 found in /etc/portage, this new system will follow the same. Users can
386 setup their own directory heirarchy in /etc/portage/profile/accounts/ that
387 mimics the heirarchy found in the portage tree. When portage attempts to add
388 a new user, it will first check /etc/portage/profile/accounts/user/&lt;username&gt;.
389 If it does not exist, it will simply use the default definition in the
390 portage tree.</p>
391 </div>
392 </div>
393 <div class="section">
394 <h2><a class="toc-backref" href="#id9" id="developer-interface" name="developer-interface">Developer Interface</a></h2>
395 <div class="section">
396 <h3><a class="toc-backref" href="#id10" id="eusers-egroups" name="eusers-egroups">EUSERS + EGROUPS</a></h3>
397 <p>Ebuilds that wish to add users or groups to the system must set these
398 variables. They are both space delimited lists that tells portage what
399 users/groups must be added to the system before emerging the ebuild. The
400 maintainer of the ebuild can assume the users/groups they have listed
401 exist before the functions in the ebuild (pkg_setup, src_install, etc...)
402 are ever run.</p>
403 </div>
404 <div class="section">
405 <h3><a class="toc-backref" href="#id11" id="id1" name="id1">Defining Accounts</a></h3>
406 <p>Any developer is free to add users/groups in their ebuilds provided they
407 create the required account definition files.</p>
408 </div>
409 </div>
410 <div class="section">
411 <h2><a class="toc-backref" href="#id12" id="user-interface" name="user-interface">User Interface</a></h2>
412 <div class="section">
413 <h3><a class="toc-backref" href="#id13" id="users-update" name="users-update">users-update</a></h3>
414 <p>When this script is run, all the users/groups that have been added by
415 portage to the system will be shown along with the packages that have
416 added said users/groups. Here they can delete accounts that are no longer
417 required by the currently installed packages (and optionally run a
418 script that will try to locate all files on the system that may still be
419 owned by the account).</p>
420 </div>
421 <div class="section">
422 <h3><a class="toc-backref" href="#id14" id="features-noautoaccts" name="features-noautoaccts">FEATURES=noautoaccts</a></h3>
423 <p>This is for the people who never want portage creating accounts for them.
424 When portage needs to add an account to the system but &quot;noautoaccts&quot; is
425 in FEATURES, portage will abort with a message instructing the user to
426 add the accounts that are listed in EUSERS and EGROUPS. This is
427 obviously a required step before the package will be emerged.</p>
428 </div>
429 </div>
430 </div>
431 <div class="section">
432 <h1><a class="toc-backref" href="#id15" id="rationale" name="rationale">Rationale</a></h1>
433 <p>Developers no longer have to worry about how to properly add users/groups
434 to systems and worry about whether or not their code will work on all
435 systems (LDAP vs local shadow vs cross compile vs etc...). Users can
436 easily override the defaults Gentoo has before dictated. The default
437 passwd and group database can once again be trimmed down to the barest of
438 accounts.</p>
439 </div>
440 <div class="section">
441 <h1><a class="toc-backref" href="#id16" id="backwards-compatibility" name="backwards-compatibility">Backwards Compatibility</a></h1>
442 <p>Handled in similar fashion as other portage rollouts. When using the new
443 account system, add a DEPEND for the required version of portage to the
444 ebuild.</p>
445 </div>
446 <div class="section">
447 <h1><a class="toc-backref" href="#id17" id="references" name="references">References</a></h1>
448 <table class="docutils footnote" frame="void" id="apibug" rules="none">
449 <colgroup><col class="label" /><col /></colgroup>
450 <tbody valign="top">
451 <tr><td class="label"><a name="apibug">[1]</a></td><td><a class="reference" href="http://bugs.gentoo.org/show_bug.cgi?id=8634">http://bugs.gentoo.org/show_bug.cgi?id=8634</a></td></tr>
452 </tbody>
453 </table>
454 </div>
455 <div class="section">
456 <h1><a class="toc-backref" href="#id18" id="copyright" name="copyright">Copyright</a></h1>
457 <p>This document has been placed in the public domain.</p>
458 </div>
459
460 </div>
461 <div class="footer">
462 <hr class="footer" />
463 <a class="reference" href="glep-0027.txt">View document source</a>.
464 Generated on: 2006-10-10 20:23 UTC.
465 Generated by <a class="reference" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
466
467 </div>
468 </body>
469 </html>

  ViewVC Help
Powered by ViewVC 1.1.20