<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-sysadm] Usernames, uids, and groups
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Usernames%2C%20uids%2C%20and%20groups&In-Reply-To=%3C20101108162924.GP21938%40mars-attacks.org%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000384.html">
<LINK REL="Next" HREF="000386.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-sysadm] Usernames, uids, and groups</H1>
<B>nicolas vigier</B>
<A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Usernames%2C%20uids%2C%20and%20groups&In-Reply-To=%3C20101108162924.GP21938%40mars-attacks.org%3E"
TITLE="[Mageia-sysadm] Usernames, uids, and groups">boklm at mars-attacks.org
</A><BR>
<I>Mon Nov 8 17:29:24 CET 2010</I>
<P><UL>
<LI>Previous message: <A HREF="000384.html">[Mageia-sysadm] About build system setup
</A></li>
<LI>Next message: <A HREF="000386.html">[Mageia-sysadm] Usernames, uids, and groups
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#385">[ date ]</a>
<a href="thread.html#385">[ thread ]</a>
<a href="subject.html#385">[ subject ]</a>
<a href="author.html#385">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Hello,

On some machines like the svn server, we need to use pam_ldap to allow
users access with their ldap accounts. But on other servers like
alamut (web services), or the build nodes, normal users have no reason
to log in. On those servers, do you think we should restrict access with
ssh configuration and a group, or disable pam_ldap completely on those
servers and only use local accounts?

We also need to decide what UID ranges we use for local accounts, and for
ldap accounts.

And groups. I think we could use the following groups:

 * posix: promotes the user as posixAccount+sshPublicKey (in ldap), and
   allows access to the svn and git using svn+<A HREF="ssh://">ssh://</A> and git+<A HREF="ssh://">ssh://</A>
 * packager: allows commits in packages repository, package submit using
   mdvsys, additional permissions on bugzilla, access to the packages
   maintainers database, etc ...
 * web: for members of web team, allows commits in web repository
 * documentation, translator, qa, marketing, etc ...:
 * packagerapprentice, webapprentice, etc ...: for apprentices, with
   more restricted access
 * sysadm: gives admin permissions on all applications

What do you think?

Nicolas
</PRE>
<!--endarticle-->
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
mailing list</a><br>
</body></html>