public inbox for isar-users@googlegroups.com
* Fixed user ids
From: Schultschik, Sven @ 2021-09-01 12:04 UTC
  To: isar-users


Hi ISAR users,

I’m currently thinking about freezing the user and group ids.

I have different ideas in mind, but I wanted to ask which would be the best
way with ISAR to generate fixed user and group ids.

Or do you just pre-create all needed user accounts before installing the
packages within the build process?

Kind regards
Sven Angelo Schultschik

Siemens AG
Digital Industries
Process Automation
Software House Khe
DI PA DCP R&D 2
Östliche Rheinbrückenstr. 50
76187 Karlsruhe, Germany
Tel.: +49 721 6672-0128
Mobile: +49 162 4975705
mailto:sven.schultschik@siemens.com
www.siemens.com

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann
Snabe; Managing Board: Roland Busch, Chairman; Cedrik Neike, Matthias
Rebellius, Ralf P. Thomas, Judith Wiese; Registered offices: Berlin and
Munich, Germany; Commercial registries: Berlin-Charlottenburg, HRB 12300,
Munich, HRB 6684; WEEE-Reg.-No. DE 23691322



* Re: Fixed user ids
From: Henning Schild @ 2021-09-01 15:54 UTC
  To: Schultschik, Sven; +Cc: isar-users

Hey,

pre-fixed user ids would be an anti-pattern and would only work if
Debian would do it.

If you need files to be owned by a specific user you chown and possibly
chmod them in postinst. Using the name and not an id. You create that
user in case it is not already there.


https://github.com/ilbers/isar/blob/master/doc/user_manual.md#home-directory-contents-prefilling

and here the example postinst

https://github.com/ilbers/isar/blob/master/meta-isar/recipes-app/example-raw/files/postinst

This is also how Debian does things. i.e. when a webserver needs the
user "www", all web-server packages would create that user if not
there, and chown/chmod based on the name.

I think every file in a Debian package will always belong to root:root,
and deviations need to be chowned in postinst.

Henning


* AW: Fixed user ids
From: Schultschik, Sven @ 2021-09-02  8:08 UTC
  To: henning.schild; +Cc: isar-users

Hi Henning,

true, but the problem is different.
A little bit OT to understand the reason.
We have an A/B firmware update with a third partition which contains /etc as an overlay.

Now the passwd is saved in the third partition with the UIDs of V1.0.
With V1.1, two services and accounts are added. Now the build adds those new accounts and shifts a lot of user ids around.
If you then do an update from 1.0 to 1.1, the passwd from the overlay overlays with different UIDs.

A big migration script is not a good way either, so some sort of fixing of some of the ids would keep the compatibility.

Regards
Sven


* Re: Fixed user ids
From: Henning Schild @ 2021-09-02  9:17 UTC
  To: Schultschik, Sven (DI PA DCP R&D 2); +Cc: isar-users

On Thu, 2 Sep 2021 10:08:15 +0200, "Schultschik, Sven (DI PA DCP R&D 2)"
<sven.schultschik@siemens.com> wrote:

> Hi Henning,
> 
> true, but the problem is different.
> A little bit OT to understand the reason.
> We have an A/B firmware update with a third partition which contains
> /etc as an overlay.

Ok understood. The proposed solution does not always create the same
uids and a build is not reproducible.

> Now the passwd is saved in the third partition with the UIDs of V1.0.
> With V1.1, two services and accounts are added. Now the build adds
> those new accounts and shifts a lot of user ids around. If you then do
> an update from 1.0 to 1.1, the passwd from the overlay overlays with
> different UIDs.
> 
> A big migration script is not a good way either, so some sort of fixing
> of some of the ids would keep the compatibility.

I think a migration script would in fact be a clean solution. It could
be a postinst to your swupdate and "chown/chmod" a few times. If that
would end up "big" you probably have a "bigger" problem. In fact that
script could call the actual postinst scripts of your "chowning"
packages.

If you really want to go down the road of fixed ids you can probably
create a package which conditionally creates all users with fixed ids.
You make all users DEBIAN_DEPEND on that and try to make sure it gets
installed pretty early. But if the Debian base decides to claim one of
"your" ids you might be pretty much out of luck. Say 42 is free in
stretch but "suddenly taken" in bullseye.

My feeling is that fixed ids with a postinst of a package that gets
installed "very early" might be possible. You can get super-early by
finding a package in the bootstrap-set and appending a "Depends:".
But cleaner would be to let users be created with "random" ids and deal
with the chown in postinst and using swupdate in a similar postupdate.

regards,
Henning


* AW: Fixed user ids
From: Schultschik, Sven @ 2021-09-02 13:48 UTC
  To: henning.schild; +Cc: isar-users

Hi Henning,

I just found the image-account-extension.bbclass of ISAR; with this you can
define user accounts in the kas yml file.

There I have now added the newly added accounts for shellinabox and _llpdp with a
fixed id so the other dynamically generated uids keep the same ids.
With the addition of an integration test, which checks the passwd and group
file for each version, it could be a good mix of both worlds.


^ permalink raw reply	[flat|nested] 6+ messages in thread
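
The integration test mentioned in the message above, written out as an added example (not code from the thread or from ISAR): it compares the passwd file of two image versions and fails when an existing account changes id, or when an account lands on an id that a different account held before, which is the case where files on the persistent partition silently change owner. All account names other than shellinabox and _llpdp, and all numeric ids, are constructed sample data; the same parser works for a group file because the id is the third field in both formats.

```python
# Added example: compare passwd (or group) content between two firmware versions.
# Constructed sample data: every account except shellinabox and _llpdp, and all
# numeric ids, are invented for illustration.
PASSWD_V1_0 = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
systemd-network:x:101:102::/run/systemd:/usr/sbin/nologin
sshd:x:102:65534::/run/sshd:/usr/sbin/nologin
appsvc:x:103:104::/var/lib/appsvc:/usr/sbin/nologin
"""

# V1.1 with the two new accounts allocated dynamically: later ids shift.
PASSWD_V1_1_DRIFTED = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
systemd-network:x:101:102::/run/systemd:/usr/sbin/nologin
shellinabox:x:102:103::/var/lib/shellinabox:/usr/sbin/nologin
sshd:x:103:65534::/run/sshd:/usr/sbin/nologin
_llpdp:x:104:105::/nonexistent:/usr/sbin/nologin
appsvc:x:105:106::/var/lib/appsvc:/usr/sbin/nologin
"""

# V1.1 with the two new accounts pinned to ids outside the range used so far.
PASSWD_V1_1_PINNED = PASSWD_V1_0 + """\
shellinabox:x:950:950::/var/lib/shellinabox:/usr/sbin/nologin
_llpdp:x:951:951::/nonexistent:/usr/sbin/nologin
"""


def parse_ids(text):
    """Map entry name -> numeric id (third field) for passwd- or group-format text."""
    ids = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            raise ValueError(f"line {lineno}: malformed entry {line!r}")
        if fields[0] in ids:
            raise ValueError(f"line {lineno}: duplicate name {fields[0]!r}")
        ids[fields[0]] = int(fields[2])
    return ids


def compare(old_text, new_text):
    """Report how ids changed from the old image to the new one."""
    old, new = parse_ids(old_text), parse_ids(new_text)
    old_holders = {}
    for name, ident in old.items():
        old_holders.setdefault(ident, set()).add(name)
    report = {"moved": {}, "reused": {}, "added": {},
              "removed": sorted(set(old) - set(new))}
    for name, ident in new.items():
        if name not in old:
            report["added"][name] = ident
        elif old[name] != ident:
            report["moved"][name] = (old[name], ident)
        # An id newly taken by `name` that belonged to someone else before:
        # data persisted under that id would now be owned by `name`.
        previous = old_holders.get(ident, set()) - {name}
        if old.get(name) != ident and previous:
            report["reused"][name] = (ident, sorted(previous))
    return report


def is_stable(report):
    """True when the update keeps every existing name<->id binding intact."""
    return not report["moved"] and not report["reused"]


if __name__ == "__main__":
    for label, new in (("drifted", PASSWD_V1_1_DRIFTED),
                       ("pinned", PASSWD_V1_1_PINNED)):
        report = compare(PASSWD_V1_0, new)
        print(label, "stable" if is_stable(report) else "UNSTABLE", report)
```
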

* Re: Fixed user ids
From: Henning Schild @ 2021-09-02 14:37 UTC
  To: Schultschik, Sven; +Cc: isar-users

On Thu, 2 Sep 2021 13:48:00 +0000, "Schultschik, Sven"
<sven.schultschik@siemens.com> wrote:

> Hi Henning,
> 
> I just found the image-account-extension.bbclass of ISAR; with this
> you can define user accounts in the kas yml file.
> 
> There I have now added the newly added accounts for shellinabox and _llpdp
> with a fixed id so the other dynamically generated uids keep the same
> ids. With the addition of an integration test, which checks the
> passwd and group file for each version, it could be a good mix of
> both worlds.

Sure, forgot to tell you about that one ;). It in fact runs pretty
early but I was considering proposing a move to run it very late.

That was discussed in "putting users into groups (created by packages)".

If I were you I would still try to do user creation and chown all in
postinst of packages. That is just more modular and flexible. The
image-account-extension was mainly born out of the need to set
passwords. We used to do that with postinst until we found that
postinst scripts remain in the filesystem ... so clear text passwords
ended up in the filesystem, even world readable.

That is when the extension was born ... and it offers much more, but
probably one might want to "use it only for passwords".

Henning
