Namespace Reservations
Several namespaces overlap on our systems (LDAP user names, e-mail local parts, Kerberos principals, UIDs and GIDs, and AFS volume names), and we need to be careful not to stomp on any of them. The entries below are reserved so that new allocations do not collide with existing or system-defined names.
User names
The names below should be reserved entries in LDAP and get special handling on the KDC, which most likely means no Kerberos principal and no ability to bind to LDAP. Patterns use shell glob syntax: `*` matches any run of characters (including none) and `{s,}` means with or without a trailing `s`.

| Name | Reservation |
| --- | --- |
| acm | no UID, but prevent e-mail clash |
| afsadmin | reserved for what it says on the tin |
| officers | no UID, but prevent e-mail clash |
| system | no UID; AFS system-wide PTS prefix |
| *master | role e-mail accounts |
| *admin{s,} | role e-mail accounts |
| *officer{s,} | role e-mail accounts |
| host* | Kerberos 5 host principal prefix (host/hostname) |
| rcmd* | Kerberos 4 host principal prefix (rcmd.hostname) |
| ldap* | LDAP replication hats |
| root | |
| debian | |
| localadmin | |
| nobody | |
| nogroup | |
UIDs
These should not be allocated via LDAP.

| UID | Reservation |
| --- | --- |
| <1000 | reserved for machine-specific services |
| 1000 | reserved for the localadmin user [nsresv-localadmin] |
| 65534 | machine-local "nobody" account |

[nsresv-localadmin]: It is vital that the UID and GID of the machine-local user whose .ssh/authorized_keys and .k5login point into the system-wide files under group/admins.pub match the UID/GID that own those files, i.e. 1000: sshd (with StrictModes) and the Kerberos .k5login check both refuse an authorization file that is not owned by the user it authorizes (or by root). We therefore reserve 1000 for the machine-local administrative account with sudo powers.
GIDs
These should not be allocated via LDAP, in general.

| GID | Reservation |
| --- | --- |
| 100 | UNIX group containing all users |
| <1000 | reserved for machine-specific services |
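An admission check that applies the user-name, UID and GID reservations above to a proposed LDAP account, added here as an example and not part of the ACM's own tooling. The reserved patterns are transcribed from the tables; the `{s,}` expansion into plain globs and the case-insensitive name comparison (so that e-mail local parts cannot clash by case) are this example's assumptions.

```python
import fnmatch
import re

# Reserved user-name patterns transcribed from the table above. Globs use
# shell syntax: "*" matches any run of characters (including none), so
# "*admin{s,}" covers "admin", "webadmin", "webadmins" and "afsadmin" alike.
RESERVED_USERNAME_PATTERNS = [
    "acm", "afsadmin", "officers", "system",
    "*master", "*admin{s,}", "*officer{s,}",
    "host*", "rcmd*", "ldap*",
    "root", "debian", "localadmin", "nobody", "nogroup",
]

# UID/GID reservations from the tables above.
LOCALADMIN_UID = 1000
NOBODY_UID = 65534
USERS_GID = 100
MACHINE_LOCAL_MAX = 999   # everything below 1000 is machine-specific

_BRACE = re.compile(r"\{([^{}]*)\}")


def expand_braces(pattern):
    """Expand shell-style {a,b,} alternation into a list of plain globs.

    Python's fnmatch has no brace support, so "*admin{s,}" becomes
    ["*admins", "*admin"] before matching. Nested braces are handled by
    recursion; a pattern without braces is returned as a one-element list.
    """
    m = _BRACE.search(pattern)
    if m is None:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    expanded = []
    for alt in m.group(1).split(","):
        expanded.extend(expand_braces(head + alt + tail))
    return expanded


def reserved_username_reason(name):
    """Return the reserved pattern a proposed name collides with, or None.

    Matching is case-insensitive (an assumption made in this example): the
    point of reserving "acm" and "officers" is to avoid e-mail clashes, and
    mail local parts are treated case-insensitively in practice.
    """
    candidate = name.lower()
    for pattern in RESERVED_USERNAME_PATTERNS:
        for glob in expand_braces(pattern):
            if fnmatch.fnmatchcase(candidate, glob):
                return pattern
    return None


def uid_allocatable_via_ldap(uid):
    """(True, None) if LDAP may hand out this UID, else (False, reason)."""
    if uid <= MACHINE_LOCAL_MAX:
        return False, "reserved for machine-specific services"
    if uid == LOCALADMIN_UID:
        return False, "reserved for the machine-local localadmin account"
    if uid == NOBODY_UID:
        return False, "machine-local nobody account"
    return True, None


def gid_allocatable_via_ldap(gid):
    """(True, None) if LDAP may hand out this GID, else (False, reason)."""
    if gid == USERS_GID:
        return False, "UNIX group containing all users"
    if gid <= MACHINE_LOCAL_MAX:
        return False, "reserved for machine-specific services"
    return True, None


def account_problems(name, uid, gid):
    """Collect every reservation a proposed (name, uid, gid) triple violates.

    An empty list means the account may be created in LDAP.
    """
    problems = []
    pattern = reserved_username_reason(name)
    if pattern is not None:
        problems.append(f"username {name!r} matches reserved pattern {pattern!r}")
    ok, why = uid_allocatable_via_ldap(uid)
    if not ok:
        problems.append(f"uid {uid}: {why}")
    ok, why = gid_allocatable_via_ldap(gid)
    if not ok:
        problems.append(f"gid {gid}: {why}")
    return problems


if __name__ == "__main__":
    # Constructed sample requests for illustration, not real ACM accounts.
    for req in [("alice", 2001, 2001), ("webadmins", 2002, 2002),
                ("ldapsync", 999, 100), ("Host-monitor", 65534, 2003)]:
        print(req, account_problems(*req) or "ok")
```

Run the checks before the LDAP add: `account_problems("ldapsync", 999, 100)` trips all three reservations (the `ldap*` prefix, a sub-1000 UID and the all-users GID), while `("alice", 2001, 2001)` comes back clean.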
AFS volumes
The suffixes .backup and .readonly are reserved for system use: the volume server uses them to name the backup (BK) and read-only (RO) clones of read/write (RW) volumes, so a RW volume must never be given a name ending in either.

The following prefixes are conventional within the JHU ACM AFS volume namespace:

| Prefix | Use |
| --- | --- |
| user. | User home directories |
| mail. | User mail directories |
| scr. | User scratch directories |
| group. | Group storage volumes |
| gscr. | Group scratch volumes |
| service. | Service storage volumes |
| servscr. | Service scratch volumes |
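A small classifier for volume names that applies the reserved suffixes and conventional prefixes above, added here as an example and not part of the ACM's own tooling. It also enforces a length limit that this page does not mention and is assumed from the OpenAFS vos documentation: a volume name may be at most 22 characters including its suffix, so a RW base name should stay at or under 13 characters to leave room for `.readonly`.

```python
# Reserved suffixes: the volume server appends these to a RW volume's name
# to produce its read-only (RO) and backup (BK) clones.
RESERVED_VOLUME_SUFFIXES = {".readonly": "RO", ".backup": "BK"}

# Conventional prefixes from the table above.
CONVENTIONAL_VOLUME_PREFIXES = {
    "user.": "user home directory",
    "mail.": "user mail directory",
    "scr.": "user scratch directory",
    "group.": "group storage volume",
    "gscr.": "group scratch volume",
    "service.": "service storage volume",
    "servscr.": "service scratch volume",
}

# Assumed from the OpenAFS vos documentation, not stated on this page: a
# volume name is limited to 22 characters including the clone suffix, so a
# RW base name must leave len(".readonly") == 9 characters spare.
VOLUME_NAME_MAX = 22
RW_BASE_MAX = VOLUME_NAME_MAX - len(".readonly")   # 13


def classify_volume(name):
    """Split a volume name into its RW base, clone kind and namespace class.

    Returns {"kind": "RW"|"RO"|"BK", "base": <RW name>, "prefix": <prefix or
    None>, "class": <description or None>}.
    """
    kind, base = "RW", name
    for suffix, clone in RESERVED_VOLUME_SUFFIXES.items():
        if name.endswith(suffix):
            kind, base = clone, name[:-len(suffix)]
            break
    prefix = next((p for p in CONVENTIONAL_VOLUME_PREFIXES if base.startswith(p)), None)
    return {"kind": kind, "base": base, "prefix": prefix,
            "class": CONVENTIONAL_VOLUME_PREFIXES.get(prefix)}


def rw_volume_problems(name):
    """List the conventions a proposed *new RW volume name* would violate.

    A name ending in a reserved suffix is the dangerous case: "vos create"
    would accept it, but every tool that strips ".readonly"/".backup" to find
    the parent RW volume would then point at a volume that does not exist.
    """
    problems = []
    info = classify_volume(name)
    if info["kind"] != "RW":
        problems.append(f"{name!r} ends in a reserved suffix and would be read as the "
                        f"{info['kind']} clone of {info['base']!r}")
    if info["prefix"] is None:
        problems.append(f"{name!r} uses none of the conventional prefixes")
    if len(name) > RW_BASE_MAX:
        problems.append(f"{name!r} is {len(name)} characters; RW names longer than "
                        f"{RW_BASE_MAX} leave no room for the .readonly suffix")
    return problems


if __name__ == "__main__":
    # Constructed sample names for illustration, not real ACM volumes.
    for vol in ["user.alice.readonly", "gscr.acm", "group.acm.backup",
                "user.averylongusername", "misc"]:
        print(vol, classify_volume(vol), rw_volume_problems(vol) or "ok")
```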