gabriel rosenkoetter on Tue, 4 Feb 2003 18:53:05 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Moving a lot of user accounts


On Tue, Feb 04, 2003 at 05:20:14PM -0500, Fred K Ollinger wrote:
> Poor assumption on my part. <joke>plug == philadelphia _linux_ users
> group</joke>. :)

I think we've hammered that one into the ground by now. ;^>

> > The whole point is that this needs to be the same cross-platform. In
> No argument. I guess I'm a bit linux-centric.

Even under that premise, though, you're NEVER going to live in a
Linux-only world. Simply won't happen (for *any* OS); there's just
too much already out there (like, say, Novell and Mac OS! What,
you were expecting something else to be the example? ;^>). So you
need to interact with other operating systems. Maybe by way of RPC
services or--heavens--sharing a SAN (if we ever come anywhere near
a standard on volume management, which Veritas and Legato would
probably fight, despite the fact that it wouldn't do them any harm
and would help all their customers equally), you're going to need to
be able to deal with ACLs.

And if "you" are in a corporate environment, using Linux, you're
buying it from a vendor like Red Hat or *maybe* at the *outside*
rolling your own Debian. Anyone rolling their own is far more likely
to be rolling their own something-that's-not-Red Hat. (Sure, that's
a blanket statement without any support. But consider what
distribution comes up whenever someone would like to try some
strange thing and asks about it on this mailing list.)

The whole reason to use Red Hat is that I can buy an Advanced Server
license from them and if *anything* goes wrong, I can call support.
But they, like any other OS company providing support, have just
cause to not help me if my problem is caused by the third-party
utility I'm using. Yes, the point of open source is that I can fix
it myself because I have the source, but that's just not the right
answer in a corporate environment for middle of the road problems.
Something simple and obvious, the sysadmin's suddenly a good because
he can code moderately. Something no one else is doing, there's
nothing for it but to slap some open source software together and
get it done... or you could pay Oracle/Veritas/whoever $100k for
it.  Anything in the middle, that's why I'm paying for support on
an annual basis.

> No doubt. I'm still waiting till ufs gets write perms in linux. It has had
> it, but it says, "dangerous". Incidentally, Gabriel, do you know a method
> of mounting ufs in linux? I tried to mount an OpenBSD part, and it worked,
> but it didn't read the disk label so

I've never tried; I'd just use NFS. ;^>

No, but really, I've never had a dual boot machine. Everything I've
read has taught me that if I did and I wanted the OSes installed on
it to share space, I'd want that shared space to be FAT32 even if
Windows wasn't involved. (Presuming IA32, here.)

I know that I can mount ext2 rw safely under NetBSD (and OpenBSD,
and FreeBSD), but I can't deal with ext3, so if I do that, I'll have
to fsck(8) the file system before I try to use it under Linux (or
bring the log up to date, or something; don't recall the details).

> gives no output. I know I'm missing something disklabel related here, but
> I don't know what.

Totally depends on the architecture, and I can't answer on any
architecture where OpenBSD runs, unless their macppc port has
actually started to work some time while I wasn't paying attention...
oh, wati, it must have, that's what Tsubai runs. So what
architecture? (I'm going to point you at docs under
http://www.netbsd.org/Documentation/; you could just shortcut the
direction. :^>)

> I was joking, but my comment about acl being included stands. I don't
> think it would take someone w/ no-how much to get this to work. Hell, you
> could put a wrapper in front of getfacl and this would work properly, a
> bit o' shell, then move ls to ls.old. :)

Let me paint you a picture:

"Boss, I'd like to set up ACLs, because it'd be easier for me to not
have to make groups all the time. It means installing this patch
manually on all 25 of our Red Hat systems, and then manually
maintain the kernel that's installed on them every time there's a
security issue with it. And then I've also got to replace a bunch of
shell utilities [btw, ls is FAR from the only one; think backups],
which I'll also have to update manually."

"Are you actually sure this will save you time? That sounds like a
lot of maintenance."

"Um, well..."

"Also, does it void our service contract?"

"Yeah, well, it might, but see, I know this guy at Red Hat..."

[laughter]

> 1. there are ext2 and ext3 patches in 2.5 right now for acls

... that mean you can't have quotas or something else, because they
use the same space in the too-little available metadata, and because
that allowance for metadata is too small in the design of ext2 (and
ext3 IS ext2 for these purposes, the journal not being of
consequence here), the use of ACLs can't but be crippled in those
file systems.

Or have those problems somehow been overcome? I haven't actually
looked at what's gone on recently, but I did peruse the ACL patch
information for ext2 when it first appeared.

And I wasn't under the impression that something existing in 2.5
implies it will exist in 2.6. Aren't they managed by wholly separate
people? Who may feel very differently about low-level changes like
these?

> When linux-2.6 comes out, RedHat will ship and and in it they will be
> shipping acls.

Care to wager? No, really. Like a beer or something.

> No. If you us xfs, you have acls all ready. If you look at the changelog
> for 2.4.20, you will find out that, while not all distros compile it in by
> default, it's there in the _stable_ source.

Is xfs supplied in a kernel for which Red Hat will provide me
support?

Is xfs, including its ACLs, supported by Veritas NetBackup?

(See where I'm going with this?)

> I'm not doubting it. Here we go w/ wildly defs of what rh means. I guess
> to you it means "as dictated by Durham" that's probably most common. To
> me, you can get rh distros right now w/ other filesystems one of which has
> acls right now.

To me, Red Hat means the company I pay to support the open source
software I have installed. The terms of that agreement say that I
install it and use it within a limited sphere, which isn't them
tying my hands, it's saying, "If you introduce variables we haven't
tested, we can't know what's going to happen, and we can't support
you in that situation (although we might try if we like you)."

I *need* someone to support me, so I take their terms, and go on
with life as best I can.

> Here's an xfs installer for the linux distribution based on rpms that's
> copmpatable in every way w/ RedHat except it has the extra feature, an xfs
> fs:
> 
> ftp://oss.sgi.com/projects/xfs/download/Release-1.1/installer/installer/i386/

An extra feature being a file system. Which I'd then put all of my
important data on. Then something about that FS blows up. Whom do
I call?

> 5. OpenBSD won't have acls until 2013, was this announced? :) Sorry
> Gabriel.

It *did* have a smiley when I said it originally... :^>

In any case, who knows, maybe it'll take till more like 2018 for the
NetBSD code to be audited to Theo's satisfaction so that he can
introduce a security defect removed from NetBSD years ago. (Cf,
mail(1) and ~.)

;^>

-- 
gabriel rosenkoetter
gr@eclipsed.net

Attachment: pgpKBWm5r5dzZ.pgp
Description: PGP signature