Firstyear

> Sometimes it is okay to use good known already existing tools The issue is it makes our testing matrix blow up. I have been extremely burnt by projects that...

Honestly, I don't think this is an issue we can directly solve. I think this is an issue with podman and how it's attempting to do "non-root" containers (I certainly...

@vDorst Perhaps it's worth putting a disclaimer in the book for posix_accounts that this interaction occurs with podman, so that this knowledge isn't lost?

@bolu61 I think the conclusion we came to before is that it will be hard to fix. I'm not 100% sure how ipa does this, but we basicly would need...

> generating slightly smaller IDs But we can't (easily) do this. Today we generate gids from the uuid. ( https://kanidm.github.io/kanidm/stable/posix_accounts.html#gid-number-generation ) The challenge is if we reduce the pool that...

Perhaps the only way to proceed here is for subid ranges to be manually configured by the user, and they have to be responsible for the gid allocation then.

> Yea there are definitely challenges. > > But the letting user allocate gid manually will require an additional component to maintain: the user need to store states somewhere that...

> So we've got u32 UIDs to play with in modern systems, since they seem to limit it to that. > > Let's try giving them 32 SUB_UIDs per user....

> How is this conflict handled when two users are created in isolation? Is one them reverted? We could just assume the same behaviour for gidnumbers. Although if eventual consistency...

Manual shard allocations comes with a stack of other issues. I want to think about this more, I think we need a design document first with the possible solutions, pros/cons,...