Dustin,

This is all potentially going to create issues for enterprise and school IT 
types (the dynamically assigning part).  Also, a lot of those situations make 
use of AD for user/group administration and some might be using Open Directory 
via a central Mac OS X Server.  If you just look at the local database and 
create a user/group based upon that, there is a possibility that you'll 
override a non-local account (a local account with the same uid will override a 
non-local account) with unpredictable and potentially bad results.

In those environments, it is far simpler to reserve a single uid/gid for 
fink-bld (ie, it is more likely to fly with the IT admins).

One possibility would be make the id static or dynamic based upon a 
configuration setting in fink.conf.  I think you'll wind up with a lot less 
push-back from IT admins.

On a side note, Alexander's situation looks very similar to something we've 
seen once in a while where I work.  It was on Snow Leopard talking to an AD 
server for user authentication.  Sometimes, we see very weird high uid's or 
gid's like Alexander is seeing. We've never been able to figure out why.  Most 
of the time a reboot or two clears the problem (our guess is some cache has 
gotten corrupted).

Merle



On May 12, 2012, at 9:39 AM, Dustin Cartwright wrote:

> Hi,
> 
> The DirectoryServices daemon turns out to be open source, so I tried looking 
> at the source for insight into this problem. There's some code in there which 
> seems to be defaulting the UID to -1, but I couldn't make sense of why it was 
> getting invoked on 10.7 but not 10.6. I made some tweaks to my branch, 
> including assigning a UID and creating the user in one step rather than as 
> separate steps. Alexander, can you check to see if this works for you now? 
> Also, it would be great if someone could test it on 10.5. The branch is at 
> https://github.com/dustinac/fink/tree/add-fink-bld
> 
> Also, I found a comment in a MacPorts bug report: 
> https://github.com/dustinac/fink/tree/add-fink-bld which says that UIDs less 
> than 500 are reserved by Apple. So, I decided to change the auto-assign range 
> to 600-699, which is also separated from regular users, whose IDs start at 
> 500.
> 
> Dustin
> 
> On Fri, May 11, 2012 at 1:23 AM, Alexander Hansen 
> <alexanderk.han...@gmail.com> wrote:
> On 5/10/12 3:06 PM, Alexander Hansen wrote:
> > On 5/10/12 11:04 AM, Dustin Cartwright wrote:
> >> On Thu, May 10, 2012 at 6:07 PM, Alexander Hansen
> >> <alexanderk.han...@gmail.com <mailto:alexanderk.han...@gmail.com>> wrote:
> >>
> >>     It didn't do the right thing for me, apparently:
> >>
> >>     Adding user and group fink-bld for building packages unprivileged
> >>     No packages to install.
> >>
> >>     The core packages have been updated. You should now update the other
> >>     packages
> >>     using commands like 'fink update-all'.
> >>
> >>     Alexanders-MacBook-Pro:my_fink hansen$ id fink-bld
> >>     uid=4294967294(fink-bld) gid=4294967294(nobody)
> >>     
> >> groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts)
> >>
> >>     (OS 10.7.4, if it matters)
> >>
> >>
> >> Strange. It worked for me on 10.6.8. One difference I noticed between
> >> the passwd package and the new code is that the former adds the users
> >> and then the groups whereas the latter adds the fink-bld group and then
> >> the fink-bld user. I'm not really sure how, but this could be making the
> >> difference. I changed the order in my branch. Can you try again with the
> >> updated version? If that doesn't fix it, what happens if you delete the
> >> fink-bld user, but not the group?
> >>
> >> Dustin
> >
> > I made some debugging progress.
> >
> > On 10.7 I get:
> >
> > $ dscl . -read  /Users/fink-bld gid
> > dsAttrTypeNative:gid: 280
> > Alexanders-MacBook-Pro:my_fink hansen$ id fink-bld
> > uid=4294967294(fink-bld) gid=4294967294(nobody)
> > groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts)
> >
> > On 10.6, on the other hand, from an absolutely identical fink checkout:
> > $ id fink-bld
> > uid=280(fink-bld) gid=280(fink-bld)
> > groups=280(fink-bld),101(com.apple.sharepoint.group.1),61(localaccounts),12(everyone),102(com.apple.sharepoint.group.2)
> >
> > I'm not sure why it's being balky on 10.7.
> 
> On 10.7, everything seems to get set properly after one more selfupdate:
> 
> Alexanders-MacBook-Pro:web hansen$ id fink-bld
> uid=4294967294(fink-bld) gid=4294967294(nobody)
> groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts)
> Alexanders-MacBook-Pro:web hansen$ id fink-bld
> uid=4294967294(fink-bld) gid=4294967294(nobody)
> groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts)
> <selfupdate here>
> Alexanders-MacBook-Pro:web hansen$ id fink-bld
> uid=280(fink-bld) gid=280(fink-bld)
> groups=280(fink-bld),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts)
> 
> 
> --
> Alexander Hansen, Ph.D.
> Fink User Liaison
> http://finkakh.wordpress.com/2012/02/21/got-job/
> 
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. 
> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________
> Fink-devel mailing list
> Fink-devel@lists.sourceforge.net
> List archive:
> http://news.gmane.org/gmane.os.apple.fink.devel
> Subscription management:
> https://lists.sourceforge.net/lists/listinfo/fink-devel


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Fink-devel mailing list
Fink-devel@lists.sourceforge.net
List archive:
http://news.gmane.org/gmane.os.apple.fink.devel
Subscription management:
https://lists.sourceforge.net/lists/listinfo/fink-devel

Reply via email to