You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org
UID: Difference between revisions
imported>Elukey No edit summary |
imported>Btullis m (→reserved UIDs & GIDs: Un-reserved alluxio from uid 914) |
||
Line 73: | Line 73: | ||
|913 || 913 || analytics-platform-eng | |913 || 913 || analytics-platform-eng | ||
|- | |- | ||
|914 || 914 || | |914 || 914 || (available for use) | ||
|- | |- | ||
|915 || 915 || git | |915 || 915 || git |
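Review bot: the 914 row now reads "(available for use)", and the edit summary says this un-reserves alluxio, but nothing in the change indicates that the matching entry in admin.yaml was dropped as well. This page names admin.yaml as the authoritative source, so the reservation there should be removed in the same step, otherwise the table and admin.yaml disagree about who owns uid 914. It is also worth confirming that no host still carries an account on 914 before the slot is handed out again.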
Revision as of 09:24, 3 December 2021
reserved UIDs & GIDs
Although we try to keep this up to date, the authoritative source is admin.yaml.
Make sure to add a reservation entry to admin.yaml.
If you want the account to be created everywhere, you must reserve the UID in the puppet admin module and use systemd-sysuser, like in this example.
If the user will just exist on a few machines, then you should reserve the account in the admin module with a commented block, like in this example, then create the user with a normal user block, e.g.
systemd::sysuser { 'git':
  content => [
    'usertype' => 'u',
    'name'     => 'git',
    # uid:gid pair as reserved in the table below; quoted so it parses as a string
    'id'       => '915:915',
    'gecos'    => 'git used by GitLab',
    'home_dir' => '/var/opt/gitlab',
  ]
}
UID | GID | user name |
---|---|---|
33 | 33 | www-data |
48 | 48 | apache |
107 | 112 | puppet |
110 | 115 | nagios |
111 | 116 | mwdeploy |
444 | 444 | gerrit2 |
445 | 445 | rancid |
498 | 498 | phd (phabricator) |
499 | 499 | trebuchet |
901 | 901 | reprepro |
902 | 902 | swift |
903 | 903 | hdfs (previously jenkins) |
904 | 904 | yarn |
905 | 905 | mapred |
906 | 906 | analytics |
907 | 907 | druid |
908 | 908 | hadoop |
909 | 909 | analytics-privatedata |
910 | 910 | analytics-product |
911 | 911 | analytics-search |
912 | 912 | analytics-research |
913 | 913 | analytics-platform-eng |
914 | 914 | (available for use) |
915 | 915 | git |
916 | 916 | kafka |
10002 | 10002 | l10nupdate |
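
One way to check a host against the reservations in the table above, as an added example that is not part of the original page or of the Wikimedia puppet repository: it parses passwd-format text and reports accounts whose UID/GID disagrees with the table. `RESERVED` is a subset of the table, the function names are hypothetical, and the sample passwd lines are constructed.

```python
# Added example: audit passwd(5)-format entries against the reserved UID/GID table.
# RESERVED is a subset of the table above; SAMPLE_PASSWD is constructed for illustration.

RESERVED = {  # user name -> (uid, gid), copied from the table above
    "www-data": (33, 33),
    "puppet": (107, 112),
    "hdfs": (903, 903),
    "analytics": (906, 906),
    "git": (915, 915),
    "kafka": (916, 916),
}
AVAILABLE_UIDS = {914}  # listed as "(available for use)" in the table

SAMPLE_PASSWD = """\
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
git:x:998:998:git used by GitLab:/var/opt/gitlab:/bin/sh
jenkins:x:903:903:Jenkins:/var/lib/jenkins:/bin/bash
kafka:x:916:916::/nonexistent:/bin/false
alluxio:x:914:914::/opt/alluxio:/bin/false
localsvc:x:997:997::/nonexistent:/usr/sbin/nologin
"""

def parse_passwd(text):
    """Yield (name, uid, gid) from passwd-format text, skipping blanks and comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not (fields[2].isdigit() and fields[3].isdigit()):
            raise ValueError(f"malformed passwd line: {line!r}")
        yield fields[0], int(fields[2]), int(fields[3])

def audit(passwd_text, reserved=RESERVED, available=AVAILABLE_UIDS):
    """Return sorted (name, uid, problem) findings for entries that disagree with the table."""
    by_uid = {uid: name for name, (uid, _gid) in reserved.items()}
    findings = []
    for name, uid, gid in parse_passwd(passwd_text):
        if name in reserved and (uid, gid) != reserved[name]:
            findings.append((name, uid, "reserved name has wrong uid:gid"))
        elif uid in by_uid and by_uid[uid] != name:
            findings.append((name, uid, f"uid is reserved for {by_uid[uid]}"))
        elif uid in available:
            findings.append((name, uid, "uid is marked available, not reserved"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD):
        print(*finding, sep="\t")
```

Accounts outside the reserved range, such as the constructed `localsvc` entry, are not reported; only conflicts with the table are.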
permission/security hierarchy
The security hierarchy looks as follows, as described by TimStarling:
- root > wikidev > mwdeploy > www-data
- root can own wikidev but wikidev can't own root
- wikidev can own mwdeploy but mwdeploy can't own wikidev
- scripts owned by mwdeploy can only be run by www-data
- everything has to su to www-data before running maintenance scripts
also see: task T79786