ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bolke de Bruin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-827) Use system supplied mechanism to get users and groups on unix
Date Fri, 12 Feb 2016 19:03:18 GMT

    [ https://issues.apache.org/jira/browse/RANGER-827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15145085#comment-15145085

Bolke de Bruin commented on RANGER-827:

[~vperiasamy] Thanks for merging. I will do a submission to the review board.

On your change: minGroupId, minUserId are also used without nss. See "parseMembers"

Furthermore, In normal use a value of 500 is considered standard as it differentiates between
system supplied user names (root, daemon, bin, postgres etc) and normal users. Maybe that
is a better value? However, it should not matter too much.

> Use system supplied mechanism to get users and groups on unix
> -------------------------------------------------------------
>                 Key: RANGER-827
>                 URL: https://issues.apache.org/jira/browse/RANGER-827
>             Project: Ranger
>          Issue Type: Improvement
>          Components: usersync
>    Affects Versions: 0.5.1
>            Reporter: Bolke de Bruin
>            Assignee: Bolke de Bruin
>              Labels: integration, pam, sssd, sync
>             Fix For: 0.6.0
>         Attachments: 0001-RANGER-827-Add-default-value-for-min-group-id-to-sup.patch,
0001-RANGER-827-Improve-unix-usersync.patch, 0002-RANGER-827-Improve-unix-usersync.patch,
0003-RANGER-827-Improve-unix-usersync.patch, 0004-RANGER-827-Improve-unix-usersync.patch,
0005-RANGER-827-Improve-unix-usersync.patch, 0006-RANGER-827-Improve-unix-usersync.patch,
> The unix user sync currently reads /etc/passwd /etc/groups . This is often not a reflection
of users and groups available on a system especially when nsswitch is configured (eg. sssd,
ldap etc).
> Secondly in some cases groups will contain user names that are not returned with "getent
passwd", especially "external users" and it is required to add these using the group information.

This message was sent by Atlassian JIRA

View raw message