| 1 | +LSB Specification Proposal |
| 2 | + |
| 3 | +Problem Statement: |
| 4 | +------------------ |
| 5 | + |
| 6 | +For administrators and certain types of applications it is important to have |
| 7 | +a cross distribution consistent naming policy for system created users. In |
| 8 | +certain cases it is also important to have a consistent user and group ids |
| 9 | +(UID & GID) for system created users. |
| 10 | + |
| 11 | +The various available cloud frameworks such as OpenStack, openNebula, |
| 12 | +CloudStack, and Eucalyptus come to mind. All cloud frameworks have services |
| 13 | +running on all the nodes in a cluster that comprises the cloud on the hardware |
| 14 | +side. It is generally possible to configure image sharing in these frameworks |
| 15 | +via NFS and thus the user name, UID, and GID need to match on all installations |
| 16 | +to provide the proper access permissions. This requirement reduces to |
| 17 | +consistent user names with NFSv4, but the adoption rate of NFSv4 is unknown. |
| 18 | +Additionally services for cloud frameworks may be configured in an HA |
| 19 | +environment and may not tolerate fail-over with UID transitioning. |
| 20 | + |
| 21 | +In an environment where LDAP is used system administrators may pre-create |
| 22 | +system users through the LDAP mechanism. This is difficult if different |
| 23 | +user names and UID as well as GID implementations exist across various |
| 24 | +distributions. |
| 25 | + |
| 26 | +Last but not least system users, i.e. names created through distribution |
| 27 | +provided packages, may collide with names created for "regular" system |
| 28 | +users. A common pattern for user names on Unix systems is to combine |
| 29 | +letters of the users name, many combinations of first and last name letters |
| 30 | +are in use. This may lead to combinations that may overlap with system user |
| 31 | +names. Sharing a user name between a system user and a person user leads |
| 32 | +to surprising or even security relevant misbehavior as the daemon user |
| 33 | +may write to files in the real user's home or vice versa. |
| 34 | + |
| 35 | +A cross distribution solution will also give upstream projects an avenue to |
| 36 | +determine user names when needed and ensure that distributions are consistent |
| 37 | +eliminating one potential source of issues for upstream projects |
| 38 | + |
| 39 | + |
| 40 | +(Proposed) Solution: |
| 41 | +-------------------- |
| 42 | + |
| 43 | +Add a detailed description of the proposed solution in this section. Detailed |
| 44 | +implementation suggestions are welcome. Be as specific as possible to provide |
| 45 | +a good technical basis for discussion on the various distribution mailing |
| 46 | +lists. |
| 47 | + |
| 48 | +Solution Discussion Links: |
| 49 | +-------------------------- |
| 50 | + |
| 51 | +Provide links to at least 3 distribution mailing lists where this topic has |
| 52 | +been discussed. |
| 53 | + |
| 54 | + |
| 55 | +Solution Rational: |
| 56 | +------------------ |
| 57 | + |
| 58 | +Provide a brief description how the documented solution was derived. |
| 59 | + |
| 60 | + |
| 61 | +Distributions Support: |
| 62 | +---------------------- |
| 63 | + |
| 64 | +A list of distributions that have pledged to adhere to this specification and |
| 65 | +integrate the test into their QA suite. |
| 66 | + |
| 67 | + |
| 68 | +Verification Test: |
| 69 | +------------------ |
| 70 | + |
| 71 | +tests/distro/userNames.py |
| 72 | +tests/distro/groupNames.py |
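Review bot: The "(Proposed) Solution", "Solution Discussion Links", "Solution Rational" and "Distributions Support" sections (file lines 40-65) still contain only the template instructions, so the proposal states a problem but gives no naming or UID/GID policy to review; fill these in before merging, or mark the file as a draft. The problem statement's security point on file lines 26-33 (a daemon user and a real user sharing a name and writing to each other's files) is the one the solution section should answer explicitly, by stating how system user names are kept distinct from person user names. Smaller points: the heading on file line 55 should read "Solution Rationale"; the sentence ending on file line 37 lacks a final period; "a consistent user and group ids" on file line 8 should drop the "a"; and the Verification Test section names tests/distro/userNames.py and tests/distro/groupNames.py, which are not part of this diff, so either add them in the same change or describe what they are expected to check.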