On Friday 13 October 2006 21:54, Lowell Gilbert wrote: > The convention is, indeed, that users get UIDs from 1000 up. This > doesn't seem to be explicitly described anywhere I can find at the > moment, but it is implemented in adduser(8) -- and the porter's > handbook requires hard-coded UIDs and GIDs to be under 1000 (but > strongly recommends using pw(8) unless there is an important reason > not to do so).
Yes. The reality of using pw(8) at port installation time, though, is that the port-created user will get a uid above 1000 - in fact a uid higher than the highest one currently in use, so I can't even just leave a gap in uid numbering for port-created users. This caught me out. > A lot of your problem, though, is that you're trying to combine the > UID (and GID) space of different machines, that have collisions. The > fact that some of those were created by ports isn't really important; > the problem is that the UID maps were created independently and now > need to be combined. No, this isn't the main problem, which is that without some serious forethought (and an awareness of the issue), installing a port can screw up my user management by (quite correctly, as you point out above) using one of ``my'' uids rather than a block set aside for ports which want a uid but don't need to reserve a specific one. More to the point, it can do this at some point in the future, when I decide to install a new port on one server and then have to remember to mark that uid as used throughout my network. > I'm not sure there's a perfect solution, other than planning ahead. Agreed. I think my planning ahead is going to take the form I proposed originally, of adding an /etc/pw.conf (so that ports using pw(8) will use that configuration) forcing allocation within a given uid/gid range, and ensure that I only use numbers outside that range for real users. I mentioned this on the list because I was Astonished (in the POLA sense) to find that my human users and ports-created (effectively system) users were not separated in any way by default, indeed were jumbled together in the sequence of uids/gids. I always like to create a permanent record of things that trip me up! Jonathan _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"