######################
Namespace Reservations
######################

There are a whole lot of namespaces that we need to be careful not to
stomp on.

User names
----------

These should be reserved entries in LDAP and have special handling on the
KDC.  Probably that means "no principal and no ability to bind to LDAP".

============= ========================================
acm           no UID, but prevent email clash
afsadmin      reserved for what it says on the tin
officers      no UID, but prevent email clash
system        no UID, AFS system-wide PTS prefix
\*master      role email accounts
\*admin{s,}   ditto
\*officer{s,} ditto
host\*        KRB5 hostname prefix
rcmd\*        KRB4 hostname prefix
ldap\*        LDAP replication hats
root
debian
localadmin
nobody
nogroup
============= ========================================

UIDs
----

These should not be allocated via LDAP.

======== =================================================
<1000    reserved for machine-specific services
1000     reserved for localadmin user [nsresv-localadmin]_
65534    machine-local "nobody" account
======== =================================================

.. [nsresv-localadmin] Note that it's vital that the UID and GID of the user
   whose .ssh/authorized_keys and .k5login point into the system-wide files
   in group/admins.pub match the UID/GID on those files, i.e. 1000.  We
   therefore reserve 1000 for machine-local administrative accounts with
   sudo powers.

GIDs
----

These should not be allocated via LDAP, in general.

======== =================================================
100      UNIX group containing all users
<1000    reserved for machine-specific services
======== =================================================

AFS volumes
-----------

The suffixes ``.backup`` and ``.readonly`` are reserved for system use, to
refer to the BK and RO copies of RW volumes.

The following prefixes are conventional within the JHU ACM AFS volume
namespace:

========== ===============================================
user.      User home directories
mail.      User mail directories
scr.       User scratch directories
group.     Group storage volumes
gscr.      Group scratch volumes
service.   Service storage volumes
servscr.   Service scratch volumes
========== ===============================================
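
One way to enforce the user name, UID, GID and volume-suffix reservations above before an account or volume is created. This is an added example, not part of the original document or the site's tooling; the function names, the case-insensitive name comparison and the treatment of GID 1000 as reserved (read from the localadmin footnote) are assumptions.

```python
from fnmatch import fnmatchcase

# Patterns copied from the "User names" table; \*admin{s,} and
# \*officer{s,} are expanded by hand into their two forms.
RESERVED_NAMES = [
    "acm", "afsadmin", "officers", "system",
    "*master", "*admin", "*admins", "*officer", "*officers",
    "host*", "rcmd*", "ldap*",
    "root", "debian", "localadmin", "nobody", "nogroup",
]
RESERVED_VOLUME_SUFFIXES = (".backup", ".readonly")  # "AFS volumes" section


def reserved_name_match(name):
    """Return the first reserved pattern that `name` matches, or None."""
    lowered = name.lower()  # assumption: email/Kerberos clashes ignore case
    for pattern in RESERVED_NAMES:
        if fnmatchcase(lowered, pattern):
            return pattern
    return None


def check_allocation(username, uid, gid):
    """Return the violations for a proposed LDAP account (empty list = OK)."""
    problems = []
    pattern = reserved_name_match(username)
    if pattern is not None:
        problems.append(f"user name {username!r} matches reserved {pattern!r}")
    # UIDs table: <1000 machine services, 1000 localadmin, 65534 nobody.
    if uid <= 1000 or uid == 65534:
        problems.append(f"UID {uid} is reserved")
    # GIDs table: <1000 (which covers 100). GID 1000 is an assumption taken
    # from the footnote, which pins localadmin's UID and GID to 1000.
    if gid <= 1000:
        problems.append(f"GID {gid} is reserved")
    return problems


def volume_name_ok(volume):
    """False if an RW volume name would collide with the BK/RO suffixes."""
    return not volume.endswith(RESERVED_VOLUME_SUFFIXES)
```

Because the prefix patterns are globs, an ordinary-looking name such as ``hostile`` is rejected by ``host*``; that is what the table specifies, so such requests need a different login name rather than an exception.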