Contents of /xml/htdocs/proj/en/glep/glep-0027.html

Revision 1.1
Sat May 29 14:48:18 2004 UTC by g2boojum
Branch: MAIN
File MIME type: text/html

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<!--
This HTML is auto-generated. DO NOT EDIT THIS FILE! If you are writing a new
PEP, see http://www.python.org/peps/pep-0001.html for instructions and links
-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="generator" content="Docutils 0.3.0: http://docutils.sourceforge.net/" />
<title>GLEP 27 -- Portage Management of UIDs/GIDs</title>
<link rel="stylesheet" href="tools/glep.css" type="text/css" />
</head>
<body bgcolor="white">
<table class="navigation" cellpadding="0" cellspacing="0"
width="100%" border="0">
<tr><td class="navicon" width="150" height="35">
<a href="http://www.gentoo.org/" title="Gentoo Linux Home Page">
<img src="http://www.gentoo.org/images/gentoo-new.gif" alt="[Gentoo]"
border="0" width="150" height="35" /></a></td>
<td class="textlinks" align="left">
[<b><a href="http://www.gentoo.org/">Gentoo Linux Home</a></b>]
[<b><a href="http://www.gentoo.org/proj/en/glep">GLEP Index</a></b>]
[<b><a href="http://www.gentoo.org/proj/en/glep/glep-0027.txt">GLEP Source</a></b>]
</td></tr></table>
<div class="document">
<table class="rfc2822 field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field"><th class="field-name">GLEP:</th><td class="field-body">27</td>
</tr>
<tr class="field"><th class="field-name">Title:</th><td class="field-body">Portage Management of UIDs/GIDs</td>
</tr>
<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.1</td>
</tr>
<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0027.txt?cvsroot=gentoo">2004/05/29 14:31:58</a></td>
</tr>
<tr class="field"><th class="field-name">Author:</th><td class="field-body">Mike Frysinger &lt;vapier&#32;&#97;t&#32;gentoo.org&gt;</td>
</tr>
<tr class="field"><th class="field-name">Status:</th><td class="field-body">Draft</td>
</tr>
<tr class="field"><th class="field-name">Type:</th><td class="field-body">Standards Track</td>
</tr>
<tr class="field"><th class="field-name">Content-Type:</th><td class="field-body"><a class="reference" href="glep-0002.html">text/x-rst</a></td>
</tr>
<tr class="field"><th class="field-name">Created:</th><td class="field-body">29 May 2004</td>
</tr>
<tr class="field"><th class="field-name">Post-History:</th><td class="field-body">29-May-2004</td>
</tr>
</tbody>
</table>
<hr />
<div class="contents topic" id="contents">
<p class="topic-title"><a name="contents">Contents</a></p>
<ul class="simple">
<li><a class="reference" href="#abstract" id="id2" name="id2">Abstract</a></li>
<li><a class="reference" href="#motivation" id="id3" name="id3">Motivation</a></li>
<li><a class="reference" href="#specification" id="id4" name="id4">Specification</a><ul>
<li><a class="reference" href="#portage-structure" id="id5" name="id5">Portage Structure</a><ul>
<li><a class="reference" href="#defining-accounts" id="id6" name="id6">Defining Accounts</a></li>
<li><a class="reference" href="#local-overrides" id="id7" name="id7">Local Overrides</a></li>
</ul>
</li>
<li><a class="reference" href="#developer-interface" id="id8" name="id8">Developer Interface</a><ul>
<li><a class="reference" href="#eusers-egroups" id="id9" name="id9">EUSERS + EGROUPS</a></li>
<li><a class="reference" href="#id1" id="id10" name="id10">Defining Accounts</a></li>
</ul>
</li>
<li><a class="reference" href="#user-interface" id="id11" name="id11">User Interface</a><ul>
<li><a class="reference" href="#users-update" id="id12" name="id12">users-update</a></li>
<li><a class="reference" href="#features-noautoaccts" id="id13" name="id13">FEATURES=noautoaccts</a></li>
</ul>
</li>
</ul>
</li>
<li><a class="reference" href="#rationale" id="id14" name="id14">Rationale</a></li>
<li><a class="reference" href="#backwards-compatibility" id="id15" name="id15">Backwards Compatibility</a></li>
<li><a class="reference" href="#references" id="id16" name="id16">References</a></li>
<li><a class="reference" href="#copyright" id="id17" name="id17">Copyright</a></li>
</ul>
</div>
<div class="section" id="abstract">
<h1><a class="toc-backref" href="#id2" name="abstract">Abstract</a></h1>
<p>The current handling of users and groups in the portage system lacks
policy and a decent API. We need an API that is both simple for
developers and end users.</p>
</div>
<div class="section" id="motivation">
<h1><a class="toc-backref" href="#id3" name="motivation">Motivation</a></h1>
<p>Currently the policy is left up to the respective ebuild maintainers to
choose the username, id, shell settings, etc. and to have them added
in the right place at the right time in the right way. When the
addition of users was found to often have broken logic, the
enewuser and enewgroup functions were designed to remove all the
details. However, these functions still suffer from some fundamental
problems. First, there is no local customization. Second, maintainers
still use the functions improperly (binary packages have suffered the
most thus far). Third, the functions are not portable across non-Linux
systems and not friendly to cross-compiling or other exotic setups.
There are other reasons, but the few listed here are enough to warrant
change.</p>
</div>
<div class="section" id="specification">
<h1><a class="toc-backref" href="#id4" name="specification">Specification</a></h1>
<div class="section" id="portage-structure">
<h2><a class="toc-backref" href="#id5" name="portage-structure">Portage Structure</a></h2>
<div class="section" id="defining-accounts">
<h3><a class="toc-backref" href="#id6" name="defining-accounts">Defining Accounts</a></h3>
<p>A new directory will need to be added to the rsync tree to store the
files that define the default values for new accounts.</p>
<pre class="literal-block">
portage/profiles/accounts/
  user/&lt;username&gt;.xml
  group/&lt;groupname&gt;.xml
  accounts.xml
</pre>
<p>The files are named with the respective user/group name since they need
to be unique in their respective domains. For example, the file
detailing the ntp user would be located at accounts/user/ntp.xml. Each
username.xml file will detail the required information about each user.
Certain account features that exist on one class of systems (Linux) but
not on others (*BSD) can be tagged as such. Each groupname.xml will
follow similar guidelines. The accounts.xml will be used to describe
global account defaults such as the default range of 'valid system' ids.
For example, if the UID 123 is already used on a system, but the ntp
user defaults to '123', we obviously cannot just duplicate it. So we
would select the next available UID on the system based upon the range
defined here.</p>
</div>
<div class="section" id="local-overrides">
<h3><a class="toc-backref" href="#id7" name="local-overrides">Local Overrides</a></h3>
<p>Following the tried and true style of custom local portage files being
found in /etc/portage, this new system will do the same. Users can
set up their own directory hierarchy in /etc/portage/accounts/ that mimics
the hierarchy found in the portage tree. When portage attempts to add a
new user, it will first check /etc/portage/accounts/user/&lt;username&gt;.xml.
If it does not exist, it will simply use the default definition in the
portage tree.</p>
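<p>Added example, not part of the GLEP or of portage's own code: one way to
implement the lookup order from Local Overrides and the UID selection from
Defining Accounts. The account-name pattern, the wrap-around search and the
100-499 range in the sample call are assumptions; the GLEP defines none of
them.</p>

```python
import re
from itertools import chain
from pathlib import Path

# Assumption: conservative account-name pattern; GLEP 27 does not define one.
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def definition_path(kind, name, override_root, tree_root):
    """Pick the definition file: local override first, then the tree default."""
    if kind not in ("user", "group"):
        raise ValueError(f"unknown account kind: {kind!r}")
    # The name becomes a file name, so reject anything (such as '../') that
    # could make the lookup read a file outside the accounts directories.
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"unsafe account name: {name!r}")
    for root in (Path(override_root), Path(tree_root)):
        candidate = root / kind / f"{name}.xml"
        if candidate.is_file():
            return candidate
    raise FileNotFoundError(f"no definition for {kind} {name!r}")


def allocate_id(preferred, used, id_range):
    """Keep the preferred ID when it is free, else the next free one in range."""
    if preferred not in used:
        return preferred
    low, high = id_range
    # Assumption: search upward from the preferred ID, then wrap to the start
    # of the range; the GLEP only says "the next available UID".
    upward = range(max(low, preferred + 1), high + 1)
    wrapped = range(low, min(preferred, high + 1))
    for candidate in chain(upward, wrapped):
        if candidate not in used:
            return candidate
    raise RuntimeError(f"system id range {low}-{high} is exhausted")


if __name__ == "__main__":
    # Constructed sample: UIDs 123 and 124 are taken, system range is 100-499.
    print(allocate_id(123, {123, 124}, (100, 499)))
```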
</div>
</div>
<div class="section" id="developer-interface">
<h2><a class="toc-backref" href="#id8" name="developer-interface">Developer Interface</a></h2>
<div class="section" id="eusers-egroups">
<h3><a class="toc-backref" href="#id9" name="eusers-egroups">EUSERS + EGROUPS</a></h3>
<p>Ebuilds that wish to add users or groups to the system must set these
variables. Both are space-delimited lists that tell portage which
users/groups must be added to the system before emerging the ebuild. The
maintainer of the ebuild can assume the users/groups they have listed
exist before the functions in the ebuild (pkg_setup, src_install, etc.)
are ever run.</p>
</div>
<div class="section" id="id1">
<h3><a class="toc-backref" href="#id10" name="id1">Defining Accounts</a></h3>
<p>Any developer is free to add users/groups in their ebuilds provided they
create the required account definition files.</p>
</div>
</div>
<div class="section" id="user-interface">
<h2><a class="toc-backref" href="#id11" name="user-interface">User Interface</a></h2>
<div class="section" id="users-update">
<h3><a class="toc-backref" href="#id12" name="users-update">users-update</a></h3>
<p>When this script is run, all the users/groups that have been added by
portage to the system will be shown along with the packages that have
added said users/groups. Here the user can delete accounts that are no longer
required by the currently installed packages (and optionally run a
script that will try to locate all files on the system that may still be
owned by the account).</p>
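<p>Added example, not part of the GLEP or of portage: one way to write the
optional ownership scan, which matters because a file left behind by a deleted
account becomes the property of whichever account is later given the same UID.
The function name and the choice to stay on one filesystem are assumptions.</p>

```python
import os


def files_owned_by(root, uid=None, gid=None):
    """Return (matches, unreadable) for entries under root owned by uid or gid."""
    matches, unreadable = [], []
    root_dev = os.lstat(root).st_dev

    def check(path):
        try:
            st = os.lstat(path)  # lstat: report a symlink itself, never its target
        except OSError:
            unreadable.append(path)
            return None
        owned_by_user = uid is not None and st.st_uid == uid
        owned_by_group = gid is not None and st.st_gid == gid
        if owned_by_user or owned_by_group:
            matches.append(path)
        return st

    check(root)
    # os.walk does not descend into symlinked directories by default.
    for dirpath, dirnames, filenames in os.walk(
            root, onerror=lambda err: unreadable.append(err.filename)):
        keep = []
        for name in dirnames:
            st = check(os.path.join(dirpath, name))
            # Stay on one filesystem so /proc, /sys and remote mounts are skipped.
            if st is not None and st.st_dev == root_dev:
                keep.append(name)
        dirnames[:] = keep  # prune in place so os.walk honours the filter
        for name in filenames:
            check(os.path.join(dirpath, name))
    return sorted(matches), unreadable
```

Run it before the account is deleted, while the UID still maps to a name; anything in the second list could not be inspected and needs a manual look.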
</div>
<div class="section" id="features-noautoaccts">
<h3><a class="toc-backref" href="#id13" name="features-noautoaccts">FEATURES=noautoaccts</a></h3>
<p>This is for the people who never want portage creating accounts for them.
When portage needs to add an account to the system but &quot;noautoaccts&quot; is
in FEATURES, portage will abort with a message instructing the user to
add the accounts that are listed in EUSERS and EGROUPS. This is
obviously a required step before the package will be emerged.</p>
</div>
</div>
</div>
<div class="section" id="rationale">
<h1><a class="toc-backref" href="#id14" name="rationale">Rationale</a></h1>
<p>Developers no longer have to worry about how to properly add users/groups
to systems or about whether their code will work on all
systems (LDAP vs local shadow vs cross compile vs etc.). Users can
easily override the defaults Gentoo previously dictated. The default
passwd and group database can once again be trimmed down to the barest of
accounts.</p>
</div>
<div class="section" id="backwards-compatibility">
<h1><a class="toc-backref" href="#id15" name="backwards-compatibility">Backwards Compatibility</a></h1>
<p>Handled in a similar fashion to other portage rollouts. When using the new
account system, add a DEPEND for the required version of portage to the
ebuild.</p>
</div>
<div class="section" id="references">
<h1><a class="toc-backref" href="#id16" name="references">References</a></h1>
<table class="footnote" frame="void" id="apibug" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a name="apibug">[1]</a></td><td><a class="reference" href="http://bugs.gentoo.org/show_bug.cgi?id=8634">http://bugs.gentoo.org/show_bug.cgi?id=8634</a></td></tr>
</tbody>
</table>
</div>
<div class="section" id="copyright">
<h1><a class="toc-backref" href="#id17" name="copyright">Copyright</a></h1>
<p>This document has been placed in the public domain.</p>
</div>
</div>
<hr class="footer"/>
<div class="footer">
<a class="reference" href="glep-0027.txt">View document source</a>.
Generated on: 2004-05-29 14:47 UTC.
Generated by <a class="reference" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
</div>
</body>
</html>
