Jonathan McKeown <[EMAIL PROTECTED]> writes:

> This is, I guess, a philosophical question.
>
> Twice in the last couple of weeks I have been bitten by ports adding users or
> groups. In setting up my laptop, I created my user account in sysinstall
> without creating my group. My ~ was created with the GID corresponding to my
> UID, but in building KDE, comms/gnokii used pw groupadd and was allocated
> `my' GID, resulting in my ~ being group-owned by gnokii.
>
> More seriously, we are moving our user accounts into LDAP and I now have a
> problem on a server where I installed net/isc-dhcp3-server before configuring
> pam_ldap and nss_ldap. As a result the dhcpd user (in /etc/passwd) and one of
> my user accounts (in LDAP) have the same UID and GID. Disentangling these is
> going to be... interesting.
>
> After some digging about, I see I can effectively reserve a block of UIDs/GIDs
> by starting my UID numbering at (1001 + x), and creating /etc/pw.conf with
>
> reuseuids yes
> reusegids yes
>
> to use the UIDs/GIDs between 1000 and (1000 + x) (otherwise pw just allocates
> a UID/GID higher than any in use, which puts it right back in my reserved
> range). Perhaps I should also set the maxuid/maxgid options too, just in
> case?
>
> That's one option.
>
> Another is to expect dozens of busy port maintainers to cover for me by
> reserving UIDs/GIDs instead of creating random users.
>
> Another is to arrange somehow that the ports infrastructure provide a pw.conf
> which can be used when pw is called by ports, that limits the range of
> UIDs/GIDs that a port can be allocated so that it doesn't overlap with the
> range generally used for user accounts.

The convention is, indeed, that users get UIDs from 1000 up. This
doesn't seem to be explicitly described anywhere I can find at the
moment, but it is implemented in adduser(8) -- and the porter's
handbook requires hard-coded UIDs and GIDs to be under 1000 (but
strongly recommends using pw(8) unless there is an important reason
not to do so).

A lot of your problem, though, is that you're trying to combine the
UID (and GID) space of different machines, that have collisions. The
fact that some of those were created by ports isn't really important;
the problem is that the UID maps were created independently and now
need to be combined.

Even if the ports and user spaces had been kept separate, there would
have been conflicts between ports installed on different machines
adding different uids on each, and unless you were planning ahead,
with users being created likewise.

I'm not sure there's a perfect solution, other than planning ahead.

--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
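
Added example, not part of either message in this thread: one way to find the collisions discussed above before two account databases are merged, so that file ownership does not silently pass from a daemon account to a person or the reverse. It assumes both sources have been exported to passwd(5) or group(5) text; the sample entries and the function names are constructed for illustration.

```python
# Added example: collision check for account databases that are about to
# be merged. The sample entries are constructed, not taken from the thread.
LOCAL_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
dhcpd:*:1001:1001:DHCP Daemon:/nonexistent:/usr/sbin/nologin
jonathan:*:1002:1002:Jonathan:/home/jonathan:/bin/sh
"""
LDAP_PASSWD = """\
alice:*:1001:1001:Alice Example:/home/alice:/bin/sh
jonathan:*:1005:1005:Jonathan:/home/jonathan:/bin/sh
bob:*:1003:1003:Bob Example:/home/bob:/bin/sh
"""


def parse_ids(text):
    """Map name -> numeric id from passwd(5) or group(5) text.

    Both formats keep the name in field 0 and the UID/GID in field 2.
    """
    ids = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdecimal():
            continue  # malformed entry or NIS-style '+' line
        ids[fields[0]] = int(fields[2])
    return ids


def find_conflicts(local, directory):
    """Return (id_clashes, name_clashes) between two name -> id maps.

    id_clashes:   (id, local_name, directory_name), one id with two owners
    name_clashes: (name, local_id, directory_id), one name with two ids
    """
    by_id = {}
    for name, num in directory.items():
        by_id.setdefault(num, []).append(name)
    id_clashes = sorted((num, name, other) for name, num in local.items()
                        for other in by_id.get(num, []) if other != name)
    name_clashes = sorted((name, num, directory[name])
                          for name, num in local.items()
                          if name in directory and directory[name] != num)
    return id_clashes, name_clashes


if __name__ == "__main__":
    ids, names = find_conflicts(parse_ids(LOCAL_PASSWD), parse_ids(LDAP_PASSWD))
    for num, a, b in ids:
        print(f"id {num}: local '{a}' vs directory '{b}'")
    for name, a, b in names:
        print(f"name '{name}': local id {a} vs directory id {b}")
```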