[5760] in Release_7.7_team
expanding Athena UNIX UID space
daemon@ATHENA.MIT.EDU (Garry Zacheiss)
Wed Apr 25 15:34:42 2007
Message-Id: <200704251933.l3PJXxd3000887@brad-majors.mit.edu>
To: moira-admin@MIT.EDU, release-team@MIT.EDU, athena-rcc@MIT.EDU
Date: Wed, 25 Apr 2007 15:33:59 -0400
From: Garry Zacheiss <zacheiss@MIT.EDU>

I noticed the other day that we're almost out of free UIDs in moira, and
will need to do another purge soon. (moira-admin, expect mail about that
later today).

However, that got me thinking that it would be good if we could expand
our space of available UIDs, since as far as I know, neither recent
Solaris nor Linux limits the size of UIDs to an unsigned short anymore.

To that end, I've resurrected the "hightest" test account and bumped its
UID to 90000 for purposes of testing. I've done some testing with it,
and I've asked Greg and Laura to do some as well. So far, we've tested
logins via xlogin, SSH, telnet, ftp, rlogin, etc. without ill effects.
"ls" and "id" output also appears sane.

As such, my questions are:

1.) Do we wish to formally proceed with doing this? I really think we
do.

2.) How formal a testing process do we want to use if we choose to
proceed?

and the related:

3.) Is anyone aware of any systems other than Athena logins (via hesiod
passwd entries) and AFS that this information is exposed to that need
to be tested?

4.) What additional ID space do we want to use? My initial thought was
that we want to open up the space through 99999, and reserve those
UIDs that conflict with existing AFS pts IDs for root instances. We
would simultaneously change the algorithm we use for generating pts
ids for root instances to prevent any further conflicts.

Greg proposed the alternate idea of beginning to allocate IDs above
131072 to avoid any root instance conflicts, which also seems like a
reasonable alternative.

There's also one related (although less important) question:

5.) We currently avoid handing out UIDs between 32000 and 32768 because
they interacted poorly with Ultrix. Is there any reason for us to
keep doing this?

I welcome any thoughts on how to proceed.

Garry
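
An added illustration, not part of the message above or of any Athena code: a C check of how UIDs from the ranges under discussion would read back in a component that still stores a UID in 16 bits, the kind of consumer question 3 is trying to find. The 16-bit consumer, the signed-short view and the threshold of 100 for low-numbered accounts are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* A UID as seen through a 16-bit uid field. The 16-bit consumer is an
 * assumption for illustration, not a system named in the message. */
struct uid_view {
    uint32_t uid;      /* UID as allocated */
    uint32_t as_u16;   /* value read back through an unsigned short */
    int32_t  as_s16;   /* value read back through a signed short */
    int aliased;       /* unsigned-short view differs from the real UID */
    int aliases_root;  /* unsigned-short view is exactly 0 */
};

struct uid_view view_uid(uint32_t uid)
{
    struct uid_view v;
    v.uid = uid;
    v.as_u16 = uid & 0xFFFFu;
    /* Two's-complement reinterpretation, written out to stay portable. */
    v.as_s16 = (int32_t)v.as_u16 - (v.as_u16 >= 0x8000u ? 0x10000 : 0);
    v.aliased = v.as_u16 != uid;
    v.aliases_root = v.aliased && v.as_u16 == 0;
    return v;
}

/* Count UIDs in [lo, hi] (hi < UINT32_MAX) whose truncated value is below
 * `limit`, i.e. would be read as a low-numbered account. */
unsigned count_low_aliases(uint32_t lo, uint32_t hi, uint32_t limit)
{
    unsigned n = 0;
    for (uint32_t u = lo; u <= hi; u++) {
        struct uid_view v = view_uid(u);
        if (v.aliased && v.as_u16 < limit) n++;
    }
    return n;
}

int main(void)
{
    /* Constructed samples: the test UID, top of the 99999 range, 16-bit edges. */
    const uint32_t samples[] = { 90000, 99999, 65536, 131072 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct uid_view v = view_uid(samples[i]);
        printf("%6u -> u16 %5u, s16 %6d%s\n", (unsigned)v.uid, (unsigned)v.as_u16,
               (int)v.as_s16, v.aliases_root ? "  (reads as UID 0)" : "");
    }
    return 0;
}
```

Any component where a test account's UID reads back as a different number, or as 0, belongs on the test list before the wider range is opened.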