ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bolke de Bruin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-827) Use system supplied mechanism to get users and groups on unix
Date Fri, 12 Feb 2016 19:03:18 GMT

    [ https://issues.apache.org/jira/browse/RANGER-827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15145085#comment-15145085
] 

Bolke de Bruin commented on RANGER-827:
---------------------------------------

[~vperiasamy] Thanks for merging. I will do a submission to the review board.

On your change: minGroupId, minUserId are also used without nss. See "parseMembers"

Furthermore, In normal use a value of 500 is considered standard as it differentiates between
system supplied user names (root, daemon, bin, postgres etc) and normal users. Maybe that
is a better value? However, it should not matter too much.

> Use system supplied mechanism to get users and groups on unix
> -------------------------------------------------------------
>
>                 Key: RANGER-827
>                 URL: https://issues.apache.org/jira/browse/RANGER-827
>             Project: Ranger
>          Issue Type: Improvement
>          Components: usersync
>    Affects Versions: 0.5.1
>            Reporter: Bolke de Bruin
>            Assignee: Bolke de Bruin
>              Labels: integration, pam, sssd, sync
>             Fix For: 0.6.0
>
>         Attachments: 0001-RANGER-827-Add-default-value-for-min-group-id-to-sup.patch,
0001-RANGER-827-Improve-unix-usersync.patch, 0002-RANGER-827-Improve-unix-usersync.patch,
0003-RANGER-827-Improve-unix-usersync.patch, 0004-RANGER-827-Improve-unix-usersync.patch,
0005-RANGER-827-Improve-unix-usersync.patch, 0006-RANGER-827-Improve-unix-usersync.patch,
usersync.patch
>
>
> The unix user sync currently reads /etc/passwd /etc/groups . This is often not a reflection
of users and groups available on a system especially when nsswitch is configured (eg. sssd,
ldap etc).
> Secondly in some cases groups will contain user names that are not returned with "getent
passwd", especially "external users" and it is required to add these using the group information.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message