Alexander, can you try the latest branch of add-fink-bld again? Directory
Services seems to map uid, passwd, etc. to UniqueID, Password respectively,
but I thought it might be better just to use the latter directly. I also
added an invocation of "dsmemberutil flushcache". I know nothing about this
command but its name sounds promising.

On Mon, May 14, 2012 at 12:14 AM, Merle Reinhart <merlereinh...@mac.com> wrote:

> Dustin,
>
> This is all potentially going to create issues for enterprise and school
> IT types (the dynamically assigning part).  Also, a lot of those situations
> make use of AD for user/group administration and some might be using Open
> Directory via a central Mac OS X Server.  If you just look at the local
> database and create a user/group based upon that, there is a possibility
> that you'll override a non-local account (a local account with the same uid
> will override a non-local account) with unpredictable and potentially bad
> results.
>

Hi Merle, thanks for your concerns. I did two things. First, I changed the
method of looking for unused UIDs from dscl to getpwuid and getgrgid, which
should mean that fink will detect UIDs which are in use by either local or
non-local users. Second, the block of UIDs that fink looks at can now be
controlled with a configure option, called AutoUidBase.

It seems to me that if users with Open Directory want fink-bld to have the
same UID on all their computers, then the simplest way is to create this
user on the central server and then on the other computers fink won't touch
the user list. The whole point of Open Directory is to administer these
things centrally, right? On the other hand, if they don't mind fink-bld
being created locally, then AutoUidBase means that it can be forced into
some fixed range which won't be used for centrally assigned UIDs.

One thing that I'm keeping in the back of my mind is that it would be nice
if someday all users created by fink had auto-assigned UIDs. For the near
future only fink-bld will be created with auto-assigned UID, but I want to
think through the design as if fink will potentially be creating further
users with auto-assigned UIDs as it needs them for packages. Thus, the idea
of AutoUidBase is to reserve a whole block of UIDs rather than requesting
them one at a time.

I've never used Open Directory, so maybe I'm all wrong. But does this make
sense to you?

If so, I think the remaining question is: should fink prompt the user
before creating the fink-bld user, something like what the passwd package
does now? My feeling is no, or maybe only on computers using Open
Directory. Without Open Directory, there's no risk of a UID collision and
we're not allowing users to opt out of fink-bld, so I don't see why anyone
would prefer anything other than the auto-assigned UID. Does anyone know if
there's a good way of determining whether or not Open Directory is enabled?

Dustin
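
The UID search described in the message above, sketched as an added example that is not part of the original message and is not fink's own code: scan a reserved block starting at an AutoUidBase value and take the first number for which both the getpwuid and getgrgid lookups fail. The block size, the base value 600, the requirement that the number be free as both UID and GID, and the sample tables are assumptions constructed for illustration.

```python
import grp
import pwd


def _in_use(lookup, ident):
    """True if the resolver returns an entry for this numeric id."""
    try:
        lookup(ident)
        return True
    except KeyError:  # pwd.getpwuid / grp.getgrgid raise KeyError when absent
        return False


def first_free_id(base, size, uid_lookup=pwd.getpwuid, gid_lookup=grp.getgrgid):
    """Return the first id in [base, base + size) unused as UID and GID, else None.

    The default lookups go through the system resolver rather than a single
    local database. A lookup only sees accounts the resolver can reach at the
    time of the call.
    """
    for ident in range(base, base + size):
        if not _in_use(uid_lookup, ident) and not _in_use(gid_lookup, ident):
            return ident
    return None  # block exhausted: the caller should fail rather than guess


def make_lookup(table):
    """Constructed stand-in for getpwuid/getgrgid backed by a dict."""
    def lookup(ident):
        return table[ident]  # KeyError when absent, like pwd/grp
    return lookup


# Constructed sample data: 600 is a local user, 601 a user that exists only
# in a central directory, 602 a group with no matching user.
SAMPLE_USERS = {600: "localuser", 601: "directoryuser"}
SAMPLE_GROUPS = {600: "localuser", 602: "projectgroup"}


def demo(base=600, size=10):
    """Run the search against the constructed tables."""
    return first_free_id(base, size,
                         make_lookup(SAMPLE_USERS), make_lookup(SAMPLE_GROUPS))


if __name__ == "__main__":
    print("constructed tables:", demo())
    print("this system:", first_free_id(600, 100))
```
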
_______________________________________________
Fink-devel mailing list
Fink-devel@lists.sourceforge.net
List archive:
http://news.gmane.org/gmane.os.apple.fink.devel
Subscription management:
https://lists.sourceforge.net/lists/listinfo/fink-devel