On 5/14/12 3:44 AM, Dustin Cartwright wrote:
> Alexander, can you try the latest branch of add-fink-bld again?
> Directory Services seems to map uid, passwd, etc. to UniqueID, Password
> respectively, but I thought it might be better just to use the latter
> directly. I also added an invocation of "dsmemberutil flushcache". I
> know nothing about this command but its name sounds promising.
> 
> On Mon, May 14, 2012 at 12:14 AM, Merle Reinhart <merlereinh...@mac.com> wrote:
> 
>     Dustin,
> 
>     This is all potentially going to create issues for enterprise and
>     school IT types (the dynamically assigning part).  Also, a lot of
>     those situations make use of AD for user/group administration and
>     some might be using Open Directory via a central Mac OS X Server.
>      If you just look at the local database and create a user/group
>     based upon that, there is a possibility that you'll override a
>     non-local account (a local account with the same uid will override a
>     non-local account) with unpredictable and potentially bad results.
> 
>  
> Hi Merle, thanks for your concerns. I did two things. First, I changed
> the method of looking for unused UIDs from dscl to getpwuid and
> getgrgid, which should mean that fink will detect UIDs which are in use
> by either local or non-local users. Second, the block of UIDs that fink
> looks at can now be controlled with a configure option, called AutoUidBase.
> 
> It seems to me that if users with Open Directory want fink-bld to have
> the same UID on all their computers, then the simplest way is to create
> this user on the central server and then on the other computers fink
> won't touch the user list. The whole point of Open Directory is to
> administer these things centrally, right? On the other hand, if they
> don't mind fink-bld being created locally, then AutoUidBase means that
> it can be forced into some fixed range which won't be used for centrally
> assigned UIDs.
> 
> One thing that I'm keeping in the back of my mind is that it would be
> nice if someday all users created by fink had auto-assigned UIDs. For
> the near future only fink-bld will be created with auto-assigned UID,
> but I want to think through the design as if fink will potentially be
> creating further users with auto-assigned UIDs as it needs them for
> packages. Thus, the idea of AutoUidBase is to reserve a whole block of
> UIDs rather than requesting them one at a time.
> 
> I've never used Open Directory, so maybe I'm all wrong. But does this
> make sense to you?
> 
> If so, I think the remaining question is: should fink prompt the user
> before creating the fink-bld user, something like what the passwd
> package does now? My feeling is no, or maybe only on computers using
> Open Directory. Without Open Directory, there's no risk of a UID
> collision and we're not allowing users to opt out of fink-bld, so I
> don't see why anyone would prefer anything other than the auto-assigned
> UID. Does anyone know if there's a good way of determining whether or
> not Open Directory is enabled?
> 
> Dustin

After injecting again, removing the fink-bld entries, and doing a
selfupdate:

$ id fink-bld
uid=4294967294(fink-bld) gid=4294967294(nobody)
groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts)

-- 
Alexander Hansen, Ph.D.
Fink User Liaison
http://finkakh.wordpress.com/2012/02/21/got-job/

_______________________________________________
Fink-devel mailing list
Fink-devel@lists.sourceforge.net
List archive:
http://news.gmane.org/gmane.os.apple.fink.devel
Subscription management:
https://lists.sourceforge.net/lists/listinfo/fink-devel
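
Added example, not part of the original thread and not fink's own code: a sketch of the lookup the quoted message describes, scanning a reserved block that starts at AutoUidBase and asking getpwuid/getgrgid (which consult directory services as well as local files) whether each id is taken. The function names, the block size, and the choice to require the same id to be free as both uid and gid are assumptions; the final check flags a result like the 4294967294 in the id output above, which is 2**32 - 2 and lies outside any such block.

```python
import grp
import pwd

MAX_ID = 2**31  # keep ids in the positive signed 32-bit range


def uid_in_use(uid):
    """True if any configured source (local or directory service) resolves uid."""
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False


def gid_in_use(gid):
    """True if any configured source resolves gid."""
    try:
        grp.getgrgid(gid)
        return True
    except KeyError:
        return False


def find_free_id(base, block_size, uid_taken=uid_in_use, gid_taken=gid_in_use):
    """First id in [base, base + block_size) unused as both uid and gid, else None."""
    if base < 0 or block_size <= 0 or base + block_size > MAX_ID:
        raise ValueError("block must lie within 0..2**31-1")
    for candidate in range(base, base + block_size):
        if not uid_taken(candidate) and not gid_taken(candidate):
            return candidate
    return None  # block exhausted: fail rather than fall back to another id


def in_reserved_block(assigned, base, block_size):
    """Post-creation check: did the account get an id from the reserved block?"""
    return base <= assigned < base + block_size


if __name__ == "__main__":
    # Constructed sample data standing in for a real account database.
    taken_uids, taken_gids = {600, 601}, {602}
    free = find_free_id(600, 100, taken_uids.__contains__, taken_gids.__contains__)
    print("first free id:", free)
    print("4294967294 in block:", in_reserved_block(4294967294, 600, 100))
```
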
