Re: ports adding users
On Friday 13 October 2006 21:54, Lowell Gilbert wrote:

> The convention is, indeed, that users get UIDs from 1000 up. This doesn't seem to be explicitly described anywhere I can find at the moment, but it is implemented in adduser(8) -- and the porter's handbook requires hard-coded UIDs and GIDs to be under 1000 (but strongly recommends using pw(8) unless there is an important reason not to do so).

Yes. The reality of using pw(8) at port installation time, though, is that the port-created user will get a uid above 1000 - in fact a uid higher than the highest one currently in use, so I can't even just leave a gap in uid numbering for port-created users. This caught me out.

> A lot of your problem, though, is that you're trying to combine the UID (and GID) space of different machines, that have collisions. The fact that some of those were created by ports isn't really important; the problem is that the UID maps were created independently and now need to be combined.

No, this isn't the main problem, which is that without some serious forethought (and an awareness of the issue), installing a port can screw up my user management by (quite correctly, as you point out above) using one of ``my'' uids rather than a block set aside for ports which want a uid but don't need to reserve a specific one. More to the point, it can do this at some point in the future, when I decide to install a new port on one server and then have to remember to mark that uid as used throughout my network.

> I'm not sure there's a perfect solution, other than planning ahead.

Agreed. I think my planning ahead is going to take the form I proposed originally, of adding an /etc/pw.conf (so that ports using pw(8) will use that configuration) forcing allocation within a given uid/gid range, and ensure that I only use numbers outside that range for real users.

I mentioned this on the list because I was Astonished (in the POLA sense) to find that my human users and ports-created (effectively system) users were not separated in any way by default, indeed were jumbled together in the sequence of uids/gids. I always like to create a permanent record of things that trip me up!

Jonathan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ports adding users
Jonathan McKeown [EMAIL PROTECTED] writes:

> This is, I guess, a philosophical question. Twice in the last couple of weeks I have been bitten by ports adding users or groups.
>
> In setting up my laptop, I created my user account in sysinstall without creating my group. My ~ was created with the GID corresponding to my UID, but in building KDE, comms/gnokii used pw groupadd and was allocated `my' GID, resulting in my ~ being group-owned by gnokii.
>
> More seriously, we are moving our user accounts into LDAP and I now have a problem on a server where I installed net/isc-dhcp3-server before configuring pam_ldap and nss_ldap. As a result the dhcpd user (in /etc/passwd) and one of my user accounts (in LDAP) have the same UID and GID. Disentangling these is going to be... interesting.
>
> After some digging about, I see I can effectively reserve a block of UIDs/GIDs by starting my UID numbering at (1001 + x), and creating /etc/pw.conf with
>
>     reuseuids yes
>     reusegids yes
>
> to use the UIDs/GIDs between 1000 and (1000 + x) (otherwise pw just allocates a UID/GID higher than any in use, which puts it right back in my reserved range). Perhaps I should also set the maxuid/maxgid options too, just in case?
>
> That's one option. Another is to expect dozens of busy port maintainers to cover for me by reserving UIDs/GIDs instead of creating random users. Another is to arrange somehow that the ports infrastructure provide a pw.conf which can be used when pw is called by ports, that limits the range of UIDs/GIDs that a port can be allocated so that it doesn't overlap with the range generally used for user accounts.

The convention is, indeed, that users get UIDs from 1000 up. This doesn't seem to be explicitly described anywhere I can find at the moment, but it is implemented in adduser(8) -- and the porter's handbook requires hard-coded UIDs and GIDs to be under 1000 (but strongly recommends using pw(8) unless there is an important reason not to do so).

A lot of your problem, though, is that you're trying to combine the UID (and GID) space of different machines, that have collisions. The fact that some of those were created by ports isn't really important; the problem is that the UID maps were created independently and now need to be combined. Even if the ports and user spaces had been kept separate, there would have been conflicts between ports installed on different machines adding different uids on each, and unless you were planning ahead, with users being created likewise.

I'm not sure there's a perfect solution, other than planning ahead.

--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/

ports adding users
This is, I guess, a philosophical question. Twice in the last couple of weeks I have been bitten by ports adding users or groups.

In setting up my laptop, I created my user account in sysinstall without creating my group. My ~ was created with the GID corresponding to my UID, but in building KDE, comms/gnokii used pw groupadd and was allocated `my' GID, resulting in my ~ being group-owned by gnokii.

More seriously, we are moving our user accounts into LDAP and I now have a problem on a server where I installed net/isc-dhcp3-server before configuring pam_ldap and nss_ldap. As a result the dhcpd user (in /etc/passwd) and one of my user accounts (in LDAP) have the same UID and GID. Disentangling these is going to be... interesting.

After some digging about, I see I can effectively reserve a block of UIDs/GIDs by starting my UID numbering at (1001 + x), and creating /etc/pw.conf with

    reuseuids yes
    reusegids yes

to use the UIDs/GIDs between 1000 and (1000 + x) (otherwise pw just allocates a UID/GID higher than any in use, which puts it right back in my reserved range). Perhaps I should also set the maxuid/maxgid options too, just in case?

That's one option. Another is to expect dozens of busy port maintainers to cover for me by reserving UIDs/GIDs instead of creating random users. Another is to arrange somehow that the ports infrastructure provide a pw.conf which can be used when pw is called by ports, that limits the range of UIDs/GIDs that a port can be allocated so that it doesn't overlap with the range generally used for user accounts.

Thoughts?

Jonathan
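
An audit for the situation this thread describes, as an added example that is not part of any of the messages: it reports numeric IDs that a local passwd(5) or group(5) file and a directory export assign to different names, and directory accounts that sit inside a block set aside for port-created accounts. The file names, the passwd-format export of the LDAP accounts, the 1000-1099 block and the sample accounts are all assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Field 3 is the numeric ID in both passwd(5) and group(5) files,
# so both functions work on either kind of file.

# id_collisions LOCAL DIRECTORY
# Prints "<id> <local-name> <directory-name>" for every numeric ID that the
# two files assign to different names.
id_collisions() {
    awk -F: '
        /^#/ || NF < 3 || $3 !~ /^[0-9]+$/ { next }
        FILENAME == ARGV[1] { loc[$3] = $1; next }
        ($3 in loc) && loc[$3] != $1 { print $3, loc[$3], $1 }
    ' "$1" "$2" | sort -n
}

# ids_in_block FILE MIN MAX
# Prints "<id> <name>" for every entry whose ID lies in MIN..MAX, e.g. real
# users sitting inside the block reserved for port-created accounts.
ids_in_block() {
    awk -F: -v lo="$2" -v hi="$3" '
        /^#/ || NF < 3 || $3 !~ /^[0-9]+$/ { next }
        $3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { print $3, $1 }
    ' "$1" | sort -n
}

# Constructed sample data (not from the thread): a local passwd file with a
# port-created dhcpd account, and a passwd-format export of directory users.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/passwd.local" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
dhcpd:*:1001:1001:DHCP daemon:/nonexistent:/usr/sbin/nologin
EOF
cat > "$demo/passwd.ldap" <<'EOF'
alice:*:1001:1001:Alice Example:/home/alice:/bin/sh
bob:*:1100:1100:Bob Example:/home/bob:/bin/sh
EOF

echo "Collisions (id local directory):"
id_collisions "$demo/passwd.local" "$demo/passwd.ldap"
echo "Directory accounts inside the assumed ports block 1000-1099:"
ids_in_block "$demo/passwd.ldap" 1000 1099
```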