First problem statement for new LSB approach

documents/problems/userNaming.txt

@@ -0,0 +1,72 @@
+LSB Specification Proposal
+
+Problem Statement:
+------------------
+
+For administrators and certain types of applications it is important to have
+a cross distribution consistent naming policy for system created users. In
+certain cases it is also important to have a consistent user and group ids
+(UID & GID) for system created users.
+
+The various available cloud frameworks such as OpenStack, openNebula,
+CloudStack, and Eucalyptus come to mind. All cloud frameworks have services
+running on all the nodes in a cluster that comprises the cloud on the hardware
+side. It is generally possible to configure image sharing in these frameworks
+via NFS and thus the user name, UID, and GID need to match on all installations
+to provide the proper access permissions. This requirement reduces to
+consistent user names with NFSv4, but the adoption rate of NFSv4 is unknown.
+Additionally services for cloud frameworks may be configured in an HA
+environment and may not tolerate fail-over with UID transitioning.
+
+In an environment where LDAP is used system administrators may pre-create
+system users through the LDAP mechanism. This is difficult if different
+user names and UID as well as GID implementations exist across various
+distributions.
+
+Last but not least system users, i.e. names created through distribution
+provided packages, may collide with names created for "regular" system
+users. A common pattern for user names on Unix systems is to combine
+letters of the users name, many combinations of first and last name letters
+are in use. This may lead to combinations that may overlap with system user
+names. Sharing a user name between a system user and a person user leads
+to surprising or even security relevant misbehavior as the daemon user
+may write to files in the real user's home or vice versa.
+
+A cross distribution solution will also give upstream projects an avenue to
+determine user names when needed and ensure that distributions are consistent
+eliminating one potential source of issues for upstream projects
+
+
+(Proposed) Solution:
+--------------------
+
+Add a detailed description of the proposed solution in this section. Detailed
+implementation suggestions are welcome. Be as specific as possible to provide
+a good technical basis for discussion on the various distribution mailing
+lists.
+
+Solution Discussion Links:
+--------------------------
+
+Provide links to at least 3 distribution mailing lists where this topic has
+been discussed.
+
+
+Solution Rational:
+------------------
+
+Provide a brief description how the documented solution was derived.
+
+
+Distributions Support:
+----------------------
+
+A list of distributions that have pledged to adhere to this specification and
+integrate the test into their QA suite.
+
+
+Verification Test:
+------------------
+
+tests/distro/userNames.py
+tests/distro/groupNames.py

tests/distro/groupNames.py

@@ -0,0 +1,17 @@
+#!/usr/bin/python
+
+import grp
+import sys
+
+lsbGroups = {
+    'root'    : 0,
+    'nobody'  : 65533,
+    'nogroup' : 65534,
+}
+
+for grpent in grp.getgrall():
+    if lsbGroups.has_key(grpent.gr_name):
+        if grpent.gr_gid != lsbGroups[grpent.gr_name]:
+            print 'GID for group %s does not match specification' %grp
+            print 'found: ', gid, ',', ' expected: ', lsbGroups[grp]
+            sys.exit(1)

tests/distro/userNames.py

@@ -0,0 +1,16 @@
+#!/usr/bin/python
+
+import pwd
+import sys
+
+lsbUsers = {
+    'root'   : (0,0),
+    'nobody' : (65534,65533),
+}
+
+for pwent in pwd.getpwall():
+    if lsbUsers.has_key(pwent.pw_name):
+        if (pwent.pw_uid, pwent.pw_gid) != lsbUsers[pwent.pw_name]:
+            print 'UID and or GID for user %s do not match specification' %usr
+            print 'found: (', uid, ',', gid, ') expected: ', lsbUsers[usr]
+            sys.exit(1)