Jonathan McKeown [EMAIL PROTECTED] writes:
> This is, I guess, a philosophical question.
>
> Twice in the last couple of weeks I have been bitten by ports adding users or
> groups. In setting up my laptop, I created my user account in sysinstall
> without creating my group. My ~ was created with the GID corresponding to my
> UID, but in building KDE, comms/gnokii used pw groupadd and was allocated
> `my' GID, resulting in my ~ being group-owned by gnokii.
>
> More seriously, we are moving our user accounts into LDAP and I now have a
> problem on a server where I installed net/isc-dhcp3-server before configuring
> pam_ldap and nss_ldap. As a result the dhcpd user (in /etc/passwd) and one of
> my user accounts (in LDAP) have the same UID and GID. Disentangling these is
> going to be... interesting.
>
> After some digging about, I see I can effectively reserve a block of UIDs/GIDs
> by starting my UID numbering at (1001 + x), and creating /etc/pw.conf with
>
>     reuseuids yes
>     reusegids yes
>
> to use the UIDs/GIDs between 1000 and (1000 + x) (otherwise pw just allocates
> a UID/GID higher than any in use, which puts it right back in my reserved
> range). Perhaps I should also set the maxuid/maxgid options too, just in
> case?
>
> That's one option.
>
> Another is to expect dozens of busy port maintainers to cover for me by
> reserving UIDs/GIDs instead of creating random users.
>
> Another is to arrange somehow that the ports infrastructure provide a pw.conf
> which can be used when pw is called by ports, that limits the range of
> UIDs/GIDs that a port can be allocated so that it doesn't overlap with the
> range generally used for user accounts.
The convention is, indeed, that users get UIDs from 1000 up. This
doesn't seem to be explicitly described anywhere I can find at the
moment, but it is implemented in adduser(8) -- and the porter's
handbook requires hard-coded UIDs and GIDs to be under 1000 (but
strongly recommends using pw(8) unless there is an important reason
not to do so).

A lot of your problem, though, is that you're trying to combine the
UID (and GID) space of different machines, that have collisions. The
fact that some of those were created by ports isn't really important;
the problem is that the UID maps were created independently and now
need to be combined. Even if the ports and user spaces had been kept
separate, there would have been conflicts between ports installed on
different machines adding different uids on each, and unless you were
planning ahead, with users being created likewise.

I'm not sure there's a perfect solution, other than planning ahead.
--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
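
Added example, not part of the original message: before merging two independently created ID maps such as the ones discussed above, a short check can list every numeric ID that the local files and the directory assign to different names, since a shared UID or GID means shared file access. It assumes the LDAP accounts are available as an export in passwd(5)/group(5) format; the function name, file names and the users jsmith and akhan are made up for the illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report numeric IDs that two account
# sources assign to different names. passwd(5) and group(5) both keep the
# name in field 1 and the numeric ID in field 3, so one function covers both.

# id_collisions LOCAL DIRECTORY
#   LOCAL      e.g. /etc/passwd or /etc/group
#   DIRECTORY  the LDAP accounts exported in the same colon-separated format
#              (producing that export is site-specific and assumed here)
# Prints "id local_name directory_name", sorted by id.
id_collisions() {
    awk -F: '
        /^#/ || NF < 3 { next }              # skip comments and short lines
        FILENAME == ARGV[1] { owner[$3] = $1; next }
        ($3 in owner) && owner[$3] != $1 { print $3, owner[$3], $1 }
    ' "$1" "$2" | sort -n
}

# Constructed sample data: dhcpd was added locally by a port before LDAP
# was configured; jsmith and akhan are made-up directory users.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT

cat > "$demo/passwd.local" <<'EOF'
# constructed local accounts
root:*:0:0:Charlie &:/root:/bin/csh
dhcpd:*:1001:1001:DHCP daemon:/nonexistent:/usr/sbin/nologin
EOF
cat > "$demo/passwd.ldap" <<'EOF'
jsmith:*:1001:1001:J Smith:/home/jsmith:/bin/sh
akhan:*:1002:1002:A Khan:/home/akhan:/bin/sh
EOF

id_collisions "$demo/passwd.local" "$demo/passwd.ldap"
```

Running the same function on the two group files catches the GID case as well; an empty result means the maps can be combined without renumbering.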
___
freebsd-questions@freebsd.org mailing list