HD permissions stay put

夜神 岩男 supergiantpotato at yahoo.co.jp
Mon Jul 4 01:43:42 UTC 2011


On Sun, 2011-07-03 at 19:25 -0430, Patrick O'Callaghan wrote:
> On Sun, 2011-07-03 at 14:46 -0700, JD wrote:
> > I think you have exposed a very interesting problem.
> 
> It would be interesting if the problem hadn't been known about for the
> last 20 or 30 years, i.e. since Unix systems started being networked in
> large numbers.
> 
> This is exactly the reason Sun created NIS (formerly called Yellow
> Pages). Using NIS a set of machines can keep user ids and other info in
> sync. Nowadays LDAP is also used for this, as is Active Directory in the
> Windows world.
> 
> Unfortunately for people with only a couple of machines on their home
> network, these are usually too much trouble to set up, so the only
> solution is manually to keep UIDs/GIDs consistent across machines.
> 
> poc

Yeah... NIS would be a bit overkill for a single user case.

I used to play on multiple distros (a *lot*), split right down the
middle between Debian- and RPM-based systems. The solution to this is
pretty simple for a single-user (or very few user) system. Every time
you create a user on any system, specify the UID & GID explicitly, and
always use UIDs/GIDs <= 1000. Fedora doesn't care if you have a UID much
higher than 500, but Debian does care if your UID is lower than 1000 (in
fact, the man page for "useradd" on Fedora even says that 1000 is the
standard, Fedora just doesn't actually follow that).

So an example for me could be:

useradd -u 1001 -g 1001 i-yagami

So long as I use that same command to add myself to every system, no
conflicts occur anywhere. On the other hand, if I add a new system and
just enter "useradd i-yagami" (or use a GUI tool to add a user without
declaring the uid/gid manually) then the account will either have a uid
and gid of 1000 or 500, but either way my real /home/i-yagami folder
will not be the place my new, mistaken home gets created and the
permissions of the real home folder from within the new system will
simply say 1001:1001.

I don't really like the idea of passing the shadow and passwd files
around between systems or doing a lot of pipeline magic to fix
inconsistencies between such files across distros. The problem is that
different distros/systems handle user creation differently and you can
be unexpectedly missing things or having weird minor trouble with your
shared home folder. So going through the explicit "useradd -u # -g #
[name]" process was the easiest way for me and it's anything but a burden
when dealing with a handful of users.
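
An added example, not part of the original message: a shell function that compares the passwd files of two installs for the UID/GID drift described above, before a home partition is shared between them. The file contents and the account names "guest" and "backup-user" are constructed, and the cut-off of 500 for regular accounts is an assumption taken from the Fedora default the message mentions.

```shell
#!/bin/sh
# Added example. Compare two passwd-format files and report accounts whose
# numeric IDs would make ownership on a shared disk resolve differently.
#   MISMATCH  name uidA:gidA uidB:gidB   same login name, different IDs
#   COLLISION uid nameA nameB            same UID, different login names
# usage: uid_drift FILE_A FILE_B [MIN_UID]   (MIN_UID defaults to 500, assumed)
uid_drift() {
    awk -F: -v min="${3:-500}" '
        FNR == NR {                      # first file: record IDs per account
            if ($3 >= min) { ids[$1] = $3 ":" $4; owner[$3] = $1 }
            next
        }
        $3 < min { next }                # second file: skip system accounts
        ($1 in ids) && ids[$1] != ($3 ":" $4) {
            print "MISMATCH", $1, ids[$1], ($3 ":" $4)
        }
        ($3 in owner) && owner[$3] != $1 {
            print "COLLISION", $3, owner[$3], $1
        }
    ' "$1" "$2"
}

# Constructed sample data: one install where the user was added with
# explicit IDs, one where a plain "useradd" picked the distro default.
uid_drift_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/fedora.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
i-yagami:x:1001:1001::/home/i-yagami:/bin/bash
guest:x:500:500::/home/guest:/bin/bash
EOF
    cat > "$d/debian.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
i-yagami:x:1000:1000::/home/i-yagami:/bin/bash
backup-user:x:1001:1001::/home/backup-user:/bin/bash
EOF
    uid_drift "$d/fedora.passwd" "$d/debian.passwd"
    rm -rf "$d"
}

uid_drift_demo
```

A MISMATCH line means files on the shared disk will show up under a bare number or the wrong name on the second install; a COLLISION line means a different account there owns them by number and can read and write them.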


