[wplug] samba "machines" group

Chester R. Hosey Chester.Hosey at gianteagle.com
Wed Jun 29 17:04:35 EDT 2005


On Wed, 2005-06-29 at 16:24 -0400, Dane Miller wrote:
> Thanks for the reply.  
> 
> I'm dealing with a server (Debian Sarge) doing NFS/NIS and Samba.  I'm
> trying to set up a workstation with Ubuntu so it gets users and groups
> over NIS.  There are several GIDs < 1000 (system GIDs) that conflict
> between the server and the workstations.  For example, the GID 110 is
> "machines" on the server and "messagebus" on the Ubuntu workstation.
> 
> Note that it is possible to configure NIS to skip the system GIDs and
> start above 1000.  While this method would eliminate GID conflicts, it
> would also prevent users from accessing system resources like cdrom and
> floppy, whose GIDs are 10-115.
> 
> So I think I need to synchronize GIDs on the NIS server and the
> workstations.  And that's where my original question comes in... is
> there a standard GID assignment in Linux?  What is the correct GID for
> common system groups?  Does Linux Standard Base specify this?
> 
> Dane

Ouch.

According to
http://refspecs.freestandards.org/LSB_2.1.0/LSB-Core-generic/LSB-Core-generic/usernames.html,
"This specification makes no attempt to numerically assign uid or gid
numbers. The exception is the uid and gid for "root" which are equal
to 0."

I'm not sure about Ubuntu's policies, but Debian does expect a certain
set of fixed UID and GID mappings as documented by the master files
in /usr/share/base-passwd. Changes to these IDs in /etc/ will probably
be overwritten by updates to the base-passwd package or by pre- and
post-inst scripts running update-passwd.

If you're married to the idea of matching all system IDs you'll want to
see whether Ubuntu imposes similar requirements on a given base set of
IDs and do your best to pair them up. You're probably best off
allocating a user group to this purpose, and just changing device
permissions to match.

Or better yet, it sounds like your concern isn't so much adding users to
groups permanently but allowing them access to resources local to the
device they're using.

Edit /etc/pam.d/login, enabling the pam_group.so module (there
should be a commented entry by default), and
edit /etc/security/group.conf to add anyone logging in on tty* to the
proper group at login time. This makes users members of given groups
based on the terminal from which they're logging in, and doesn't depend
on GID at all, only group name. This is probably closest to what you're
trying to accomplish, and is easier than remapping IDs on either system.

Chet
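
Added example, not part of the original message: a small Python check for the GID clashes discussed in this thread. It compares two group(5)-format listings and reports system GIDs (below 1000) that map to different names, and names that map to different GIDs. The sample data is constructed; only the GID 110 machines/messagebus clash comes from the thread.

```python
# Added example: compare two group(5) listings for system-GID conflicts.
SYSTEM_GID_MAX = 999  # the thread treats GIDs < 1000 as system GIDs

# Constructed sample data; only GID 110 (machines vs messagebus) is from the thread.
SERVER_GROUPS = """\
root:x:0:
cdrom:x:24:dane
floppy:x:25:dane
scanner:x:104:
machines:x:110:
users:x:1000:dane
"""
WORKSTATION_GROUPS = """\
root:x:0:
cdrom:x:24:
floppy:x:25:
messagebus:x:110:
scanner:x:111:
+::0:
not a group line
"""

def parse_group(text):
    """Return {name: gid}; skip blanks, comments, NIS +/- entries, malformed lines."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        fields = line.split(":")
        if line[:1] in ("", "#", "+", "-") or len(fields) != 4 or not fields[2].isdigit():
            continue
        groups.setdefault(fields[0], int(fields[2]))  # keep the first entry per name
    return groups

def find_conflicts(server, workstation, gid_max=SYSTEM_GID_MAX):
    """Return (same GID / different name, same name / different GID) for system GIDs."""
    server_by_gid = {gid: name for name, gid in server.items()}
    gid_clashes = sorted((gid, server_by_gid[gid], name)
                         for name, gid in workstation.items()
                         if gid <= gid_max and server_by_gid.get(gid, name) != name)
    name_clashes = sorted((name, server[name], gid)
                          for name, gid in workstation.items()
                          if name in server and server[name] != gid
                          and min(gid, server[name]) <= gid_max)
    return gid_clashes, name_clashes

if __name__ == "__main__":
    for clash in find_conflicts(parse_group(SERVER_GROUPS), parse_group(WORKSTATION_GROUPS)):
        print(clash)
```

Real input would be the text of the server's group map and of the workstation's /etc/group, each passed to parse_group.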

