[Mageia-sysadm] Usernames, uids, and groups

nicolas vigier boklm at mars-attacks.org
Mon Nov 8 17:29:24 CET 2010


Hello,

On some machines like the svn server, we need to use pam_ldap to allow
users access with their ldap accounts. But on other servers like
alamut (web services), or the build nodes, normal users have no reason
to log in. On those servers, do you think we should restrict access with
ssh configuration and a group, or disable pam_ldap completely on those
servers and only use local accounts?

We also need to decide what UID ranges we use for local accounts, and for
ldap accounts.

And groups. I think we could use the following groups :
 * posix : promotes the user as posixAccount+sshPublicKey (in ldap), and
   allows access to the svn and git using svn+ssh:// and git+ssh://
 * packager : allows commits in packages repository, package submit using
   mdvsys, additional permissions on bugzilla, access to the packages
   maintainers database, etc ...
 * web : for members of web team, allows commits in web repository
 * documentation, translator, qa, marketing, etc ... : 
 * packagerapprentice, webapprentice, etc ... : for apprentices, with
   more restricted access
 * sysadm : gives admin permissions on all applications

What do you think ?

Nicolas


