From owner-freebsd-hackers Thu Sep 2 7:31:16 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from smtp13.bellglobal.com (smtp13.bellglobal.com [204.101.251.52]) by hub.freebsd.org (Postfix) with ESMTP id 349F915BF4 for ; Thu, 2 Sep 1999 07:31:08 -0700 (PDT) (envelope-from vanderh@ecf.toronto.edu)
Received: from localhost.nowhere (ppp18402.on.bellglobal.com [206.172.130.82]) by smtp13.bellglobal.com (8.8.5/8.8.5) with ESMTP id KAA10799; Thu, 2 Sep 1999 10:32:35 -0400 (EDT)
Received: (from tim@localhost) by localhost.nowhere (8.9.3/8.9.1) id KAA01525; Thu, 2 Sep 1999 10:08:45 -0400 (EDT) (envelope-from tim)
Date: Thu, 2 Sep 1999 10:08:45 -0400
From: Tim Vanderhoek
To: Sheldon Hearn
Cc: hackers@FreeBSD.org
Subject: Re: Proposal: Add generic username for 3rd-party MTA's
Message-ID: <19990902100845.A1098@mad>
Reply-To: hoek@FreeBSD.org
References: <19990901204859.B14974@mad> <21096.936259315@axl.noc.iafrica.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95i
In-Reply-To: <21096.936259315@axl.noc.iafrica.com>; from Sheldon Hearn on Thu, Sep 02, 1999 at 10:01:55AM +0200
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, Sep 02, 1999 at 10:01:55AM +0200, Sheldon Hearn wrote:
>
> > OTOH, I can see that having a common user:group would be useful and
> > make some things easier, too.
>
> And that's all I want -- to make things easier. :-)

I don't think you should add usernames/groups to the base system just for the sake of ports.

1) There are more ports than just the MTAs that require their own usernames/groups. Are you going to add these to the base system, too?

I realize that we already have some precedent for this; see for example inetd.conf which contains sample entries for ports. The differences are 1) entries in inetd.conf are sample entries only, 2) ports have no way of adding those entries to inetd.conf themselves (since touching /etc is illegal).

2) The current system for having ports add their own usernames and groupnames is very simple. It is a little messy in that there are a number of different pkg/INSTALL scripts, some of them broken to various degrees. Simply adding an mta username:groupname won't solve that problem.

Suppose you do add an mta username/groupname to the base system. Ports will still need to keep their various pkg/INSTALL scripts, since the ports need to work on older releases of FreeBSD that do not have the new username and groupname. You would need to modify the pkg/INSTALL scripts to use the new username/groupname and (depending on how broken the script is to start with) add it only if necessary.

What about existing admins who have their systems configured with the existing usernames and groupnames? These people will have problems when they upgrade the port (possibly annoying problems). Will the ports be modified so that they use their earlier custom username/groupname in preference to the standardized username/groupname?

This is a lot of complexity you're adding simply for the sake of having a unified username and groupname added to the base system.

3) We try to keep the ports system roughly independent of the base system, and vice versa. Do you plan to make sendmail use this new mta id (is that even possible?)? Or will this id be added solely for the use of the ports system? (Yes, I am aware of historical raisins such as the news id). If only the latter, then adding a new id is probably not a good idea.

If what you want is to have all the MTAs run under a single user/group-name, then you should modify each of the ports. The ports can then add the user/group as necessary, which works for almost any release of FreeBSD.
While you are doing this, you could also fix the ports to use a more-or-less common pkg/INSTALL script (although a copy should be carried with each port, rather than sharing only one copy); last time I looked at this, I came close to proposing an addition to bsd.port.mk, too.

The only argument you've really made is that adding a user/group -name to the base system will make some things simpler. However, this also adds complexity elsewhere. Further, it is a fairly slippery slope. Adding user/group-names for every port wanting one is a fairly bad idea because of a) loss of single-point customizability for individual ports (e.g. changing for local purposes the username used by a given port is now more work), b) backwards-compatibility requirements (i.e. work on older releases of FreeBSD w/o custom uid/gid-s) of the ports system, and c) we may eventually collide with names added by admins on their own system (there is a de-facto standard of reserving the first 100 id # that helps lessen the likelihood of this, but it is i) only a de-facto standard, ii) only the first 100).

-- 
This is my .signature which gets appended to the end of my messages.
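
An added illustration of points 2) and c) in the message above (not code from the message or from the FreeBSD ports tree): a check an install script could run before touching the account database, so that it adds the user only if necessary and notices a collision with a name or uid the admin already uses. The helper name `check_port_account`, the sample entries and their uids are constructed for this example; the script only reports a decision and leaves account creation to the caller.

```shell
#!/bin/sh
# check_port_account NAME UID [PASSWD_FILE]   (hypothetical helper name)
# Prints what an install script should do about the account it wants:
#   present        NAME already exists with UID: nothing to add
#   create         neither NAME nor UID is in use: safe to add
#   name-conflict  NAME exists with another uid (e.g. the admin's own account)
#   uid-conflict   UID already belongs to a different name
check_port_account() {
    want_name=$1
    want_uid=$2
    passwd_file=${3:-/etc/passwd}
    awk -F: -v n="$want_name" -v u="$want_uid" '
        /^#/ || NF < 3     { next }           # skip comments, malformed lines
        $1 == n && $3 == u { exact = 1 }
        $1 == n && $3 != u { name_taken = 1 }
        $1 != n && $3 == u { uid_taken = 1 }
        END {
            if (exact)           print "present"
            else if (name_taken) print "name-conflict"
            else if (uid_taken)  print "uid-conflict"
            else                 print "create"
        }' "$passwd_file"
}

# Constructed sample data in passwd(5) layout; not taken from any real system.
sample_passwd() {
    cat <<'EOF'
# constructed example entries
root:*:0:0:Charlie &:/root:/bin/csh
news:*:8:8:News Subsystem:/:/sbin/nologin
qmaild:*:82:81:port-created account:/var/qmail:/sbin/nologin
mta:*:1005:1005:account the admin added locally:/home/mta:/bin/sh
EOF
}

# Demo: write the sample to a temp file and query it.
demo_file=$(mktemp)
sample_passwd > "$demo_file"
for probe in "qmaild 82" "postfix 125" "mta 90" "exim 8"; do
    set -- $probe
    printf '%-8s uid %-4s -> %s\n' "$1" "$2" \
        "$(check_port_account "$1" "$2" "$demo_file")"
done
rm -f "$demo_file"
```

The `name-conflict` case is the upgrade problem raised in point 2): an admin's existing `mta` account would be silently reused or clobbered if the script matched on the name alone.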