Re: Is it possible to influence at what UID MacPorts start to create users?

2019-08-16 Thread Ryan Schmidt 



On Aug 16, 2019, at 01:31, Gerben Wierda wrote:

> So, what I need is build macports from source if I want to change this 
> behaviour? 

Yes... the MIN_USABLE_UID / MIN_USABLE_GID configure script variables are 
referenced in src/pextlib1.0/Pextlib.c, which gets compiled into a library, 
which gets loaded by MacPorts. To change those values, the library will have to 
be recompiled. You can either change the values in the configure script before 
you run it (or in the configure.ac file, and then regenerate the configure 
script by using autoreconf), or else you can edit the values in the 
src/config.h file after you run configure.

There may be a way to influence the values of these variables by passing 
autoconf variables as flags to the configure script when you run it, but in a 
brief test I was not able to find it.

Re: Is it possible to influence at what UID MacPorts start to create users?

2019-08-16 Thread Gerben Wierda 

> On 16 Aug 2019, at 01:13, Ryan Schmidt  wrote:
> 
> 
> 
> On Aug 14, 2019, at 17:49, Gerben Wierda wrote:
> 
>> If this is a bug, I suggest using 600, not 500 for the fix.100 local users 
>> on a mac seems adequate (like 640kB…) and server starts at 1025, so ample 
>> room for services.
> 
> As I said, I believe our intention was to use the same range of UIDs and GIDs 
> that Apple used to create normal user accounts. If Apple starts at 501, it 
> was a bug for us to start at 500, and the fix for the bug would be to start 
> at 501.
> 
> Note that we also create a "macports" user and group at MacPorts installation 
> time. The code for that is separate from the code that creates users and 
> groups for ports. There are two copies of the "macports" user/group creation 
> code: one in Makefile.in for users who build from source, and one in the 
> Installer package, the source for which is in portmgr/dmg/postflight.in. Both 
> of these search for an empty UID starting at 501, not 500. And they don't 
> specify what range to use for group IDs; they just ask the system for the 
> next free GID.
> 
> If you want our range not to overlap Apple's range, that's a separate feature 
> request that we could certainly consider. Off the top of my head I can't 
> think of any problems with that but I don't know why it was originally chosen 
> to overlap Apple's range.
> 
> Note that our user handling originates from an old version of Mac OS X in 
> which Apple created both a UID and a GID for each user. (Tiger and earlier 
> maybe?) Current versions of macOS no longer do that; for example my main user 
> is not a member of its own group, but rather of the group "staff". I don't 
> know if it still makes sense for us to create a separate group for each user 
> that we create, but I suppose that's another separate issue.

I know that latter. For services and daemons, Apple still creates user/groups 
with identical separate names. And these are what the MacPorts generally need. 
For actual users, even in the NeXT days if I recall correctly, it was multiple 
users in a group like staff/admin/wheel (very early, the latter two for admin 
users), but I might be wrong here.

luna:~ gerben$ dscl . -list /Users
_amavisd
_analyticsd
_appleevents
_applepay
_appowner
_appserver
_appstore
etc

luna:~ gerben$ dscl . -list /Groups
_amavisd
_analyticsd
_analyticsusers
_appleevents
_applepay
_appowner
_appserveradm
_appserverusr
_appstore
etc

If you have multiple Macs and you want to have the same uid for users on them, 
you create them in the same order. Now, normally you do that at the start 
before you get to do things like MacPorts, but in this case I did not.

So, what I need is build macports from source if I want to change this 
behaviour? 

G

Re: Is it possible to influence at what UID MacPorts start to create users?

2019-08-15 Thread Ryan Schmidt 



On Aug 14, 2019, at 17:49, Gerben Wierda wrote:

> If this is a bug, I suggest using 600, not 500 for the fix.100 local users on 
> a mac seems adequate (like 640kB…) and server starts at 1025, so ample room 
> for services.

As I said, I believe our intention was to use the same range of UIDs and GIDs 
that Apple used to create normal user accounts. If Apple starts at 501, it was 
a bug for us to start at 500, and the fix for the bug would be to start at 501.

Note that we also create a "macports" user and group at MacPorts installation 
time. The code for that is separate from the code that creates users and groups 
for ports. There are two copies of the "macports" user/group creation code: one 
in Makefile.in for users who build from source, and one in the Installer 
package, the source for which is in portmgr/dmg/postflight.in. Both of these 
search for an empty UID starting at 501, not 500. And they don't specify what 
range to use for group IDs; they just ask the system for the next free GID.

If you want our range not to overlap Apple's range, that's a separate feature 
request that we could certainly consider. Off the top of my head I can't think 
of any problems with that but I don't know why it was originally chosen to 
overlap Apple's range.

Note that our user handling originates from an old version of Mac OS X in which 
Apple created both a UID and a GID for each user. (Tiger and earlier maybe?) 
Current versions of macOS no longer do that; for example my main user is not a 
member of its own group, but rather of the group "staff". I don't know if it 
still makes sense for us to create a separate group for each user that we 
create, but I suppose that's another separate issue.

Re: Is it possible to influence at what UID MacPorts start to create users?

2019-08-14 Thread Gerben Wierda 
If this is a bug, I suggest using 600, not 500 for the fix.100 local users on a 
mac seems adequate (like 640kB…) and server starts at 1025, so ample room for 
services.

I’d rather not create my own macports port, it is complex enough as it is.

Gerben Wierda
Chess and the Art of Enterprise Architecture 
Mastering ArchiMate 
Architecture for Real Enterprises 
 at InfoWorld
On Slippery Ice  at EAPJ

> On 14 Aug 2019, at 23:55, Ryan Schmidt  wrote:
> 
> 
> 
> On Aug 14, 2019, at 16:36, Gerben Wierda wrote:
> 
>> If you create local userson macOS, it starts with uid 501 and then goes up. 
>> (for network users it always (still?) started with 1025 and then goes up.
>> 
>> MacPorts, when it creates users, starts with 500 and then goes up.
> 
> I noticed that too... I think this is a bug. I think we meant to start user 
> IDs at 501, just like Apple. In ./src/pextlib1.0/Pextlib.c the comment 
> describing the function NextuidCmd says it will "Find the first unused UID > 
> 500" but it actually starts at the value of MIN_USABLE_UID which the 
> configure script hardcodes as 500.
> 
> 
>> So, depending on the order of creation, the same user has different uid 
>> (same for groups). It is not generally a problem, but I don’t like it. 
>> Depending on the order of actions on a system you get different uids for 
>> different MacPorts-generated users, intermingled with created local users.
>> 
>> I’d like to tell macports to start at another number, to lessen the chance 
>> of this.
> 
> There isn't a setting for the user to change this. If you want to change it, 
> you'll have to edit the number in the MacPorts base configure script, 
> reconfigure, and recompile.
> 
> Just make sure you don't use UIDs less than 500, which are reserved.
>

Re: Is it possible to influence at what UID MacPorts start to create users?

2019-08-14 Thread Ryan Schmidt 



On Aug 14, 2019, at 16:36, Gerben Wierda wrote:

> If you create local userson macOS, it starts with uid 501 and then goes up. 
> (for network users it always (still?) started with 1025 and then goes up.
> 
> MacPorts, when it creates users, starts with 500 and then goes up.

I noticed that too... I think this is a bug. I think we meant to start user IDs 
at 501, just like Apple. In ./src/pextlib1.0/Pextlib.c the comment describing 
the function NextuidCmd says it will "Find the first unused UID > 500" but it 
actually starts at the value of MIN_USABLE_UID which the configure script 
hardcodes as 500.


> So, depending on the order of creation, the same user has different uid (same 
> for groups). It is not generally a problem, but I don’t like it. Depending on 
> the order of actions on a system you get different uids for different 
> MacPorts-generated users, intermingled with created local users.
> 
> I’d like to tell macports to start at another number, to lessen the chance of 
> this.

There isn't a setting for the user to change this. If you want to change it, 
you'll have to edit the number in the MacPorts base configure script, 
reconfigure, and recompile.

Just make sure you don't use UIDs less than 500, which are reserved.