Board index Unix Admin

Account UID/GID manager across multiple platforms?

Account UID/GID manager across multiple platforms?

Post by J. Scott Farr » Fri, 27 Aug 1993 03:58:32



I'm interested in finding out what other UNIX admins are doing to manage
and keep consistent UID's and GID's across multiple platforms in the same
domain.

At my last job (the University of Colorado), we used an in-house package
which worked in tandem with a centralized UID database. (Yes, Jeff, I wish
I had DURM/Uniquid here. :)

Here at Western, we have a relatively new Internet domain with only a few
UNIX machines (as yet) and I've been charged with developing a system
to manage accounts and keep the UID's straight.  We will probably develop
our own system, but I'd like to see other ideas if you want to share them.

At a minimum, our platforms will include (old) SunOS, Solaris, DEC Ultrix,
Unixware, SCO ODT, Linux, and HP-UX.  Other possible platforms are IBM AIX,
and Dell SVR4.

If you know of any interesting packages (this doesn't really fit an
archie search :), public domain or otherwise, I'd appreciate it if you
would let me know about it.

I will summarize and repost if there is interest.

Thanks,

Scott
--
J. Scott Farrow                              UNIX/VAX Technical Support
Martin Marietta - DOE/Western Area Power Administration, Golden, CO USA

 
 
 
Top

Account UID/GID manager across multiple platforms?

Post by Pierre Assel » Sat, 28 Aug 1993 00:50:08




Quote:>I'm interested in finding out what other UNIX admins are doing to manage
>and keep consistent UID's and GID's across multiple platforms in the same
>domain.

Aside from managing the numbers, what is the legal range?  Some user
and group id's (bin, daemon...) are `owned' by the vendor and could
theoretically change with OS release;  you want to stay away from
those.  Free data point:  the AIX system tools pick 200 and up for
ordinary users and groups.

Is there universal agreement on what id numbers are reserved for local
use?  What is the upper limit?  our sys/types.h defines uid_t as
unsigned long, but I remember a thread a while back where an attempt to
use employee numbers caused an overflow.
--

--Pierre Asselin, Magnetoresistive Head Engineering, Applied Magnetics.


 
 
 
Top

Account UID/GID manager across multiple platforms?

Post by Part » Fri, 03 Sep 1993 22:22:41



> Aside from managing the numbers, what is the legal range?  Some user
> and group id's (bin, daemon...) are `owned' by the vendor and could
> theoretically change with OS release;  you want to stay away from
> those.  Free data point:  the AIX system tools pick 200 and up for
> ordinary users and groups.
> Is there universal agreement on what id numbers are reserved for local
> use?  What is the upper limit?  our sys/types.h defines uid_t as
> unsigned long, but I remember a thread a while back where an attempt to
> use employee numbers caused an overflow.

I think that it is fairly safe to use numbers between 1001 and 32000.

--

 
 
 
Top

Account UID/GID manager across multiple platforms?

Post by Stuart Pearlm » Sat, 04 Sep 1993 03:14:34




>> Is there universal agreement on what id numbers are reserved for local
>> use?  What is the upper limit?  our sys/types.h defines uid_t as
>> unsigned long, but I remember a thread a while back where an attempt to
>> use employee numbers caused an overflow.

>I think that it is fairly safe to use numbers between 1001 and 32000.

Watch out when using large number, though.  Programs that do alot of
number->name mapping (ls -l comes to mind), often have code that
favors lower numbers.

At least in our version of ls (sequent symmetry running dynix
3.0.17.9), there was a table with 4000 slots that was used to cache
names for uids between 0 and 3999.  The code looked something like:

    if (uid >= 0 && uid < 4000) {
        if (Name_cache[uid] == NULL)
            look_up_uid_in_password_file_and_put_name_in_cache();
        Name = Name_cache[uid];
    } else {
         Name = look_up_uid_in_password_file_and_return_name();
    }

For uids < 4000, the name was cached, but for uids >= 4000, the
password file was being repeatedly scanned.

When we started creating users with uids in the 4000-6000 range, ls -l
got really slow, particularly on directories with lots of files owned
by users with uids >= 4000.  I checked the source for ls and
discovered the 4000 entry name cache.  After increasing the size of
the cache to 8000 things sped up again.

-stuart
--

Trandes Corporation                             +1 301 459 0200
On-Contract-To: David Taylor Research Center    +1 301 227 1428

 
 
 
Top

1. UID and GID setups across multiple hosts

I am maintaining several Unix hosts which NFS mount file systems from
each other. My question is how to deal with the different system user
IDs and group IDs. I have four different versions of Unix and the system
UIDs and GIDs are all different. I can change them all (and fix the files
in the file systems to match) to a common set but then how do I deal with
operating system upgrades from the manufacturer? Or I can leave them
all different and deal with insuring that no files that are NFS mounted
use any of the system UIDs and GIDs (a real pain).

How do other folks solve this problem?

--
Justus J. Addiss, Sr. Software Engineer, 3M Health Information Systems

2. Windows NT4 Server and Linux 2.0.0

3. Process Accounting 32bit UID/GID support

4. svc.h parse error while compiling CAP

5. Normal for root to be UID 0 GID 0 rather than GID 1 ?

6. PLANET WL-8305

7. tcp/ip / sockets across multiple platforms

8. whats up 688273788

9. Root's UID and GID

10. HPUX - set GID and UID?

11. uid and gid in vfat fstab entry

12. NFS and UIDs/GIDs

13. How to find uid, gid, euid etc on a running process ?


All times are UTC
Board index