POSIX pitfalls in modern desktop environments and how to work-around them

Speaker: Florian Haftmann

Track: Systems administration, automation and orchestration

Type: Long talk (45 minutes)

Room: Talks

Time: Aug 26 (Wed): 14:00

Duration: 0:45

The Unixoid operating systems (particularly Linux) have grown up in the era of workstations. Hence they use a couple of mechanisms designed for operating finite, closed and trusted structures of systems and user accounts: Global numeric IDs for user accounts, a permission system for cooperative file sharing built on groups, coming with arcane devices like primary groups and umasks. When running a stand-alone system, e. g. a notebook, using Linux today, these mechanisms get hardly in the way: there is only one user account running and operating the system. Problems arise when a huge infrastructure with thousands of systems and users is centrally configured using a directory service (e. g. LDAP). When done naively, the relics of the workstation era sneak in, obscuring the idea of modern desktop systems. This talk points out potential pitfalls and suggests work-arounds. It draws on experience running a huge Linux infrastructure in the public administration at the city of Munich.

Keywords: Directory services (LDAP, AD / Samba), PAM, System Security Services Daemon (SSSD), POSIX groups, heterogeneous desktop environments