Date:      Sat, 14 Oct 2006 10:18:44 +0200
From:      Jonathan McKeown <jonathan@hst.org.za>
To:        freebsd-questions@freebsd.org
Subject:   Re: ports adding users
Message-ID:  <200610141018.44518.jonathan@hst.org.za>
In-Reply-To: <44hcy8c7q0.fsf@be-well.ilk.org>
References:  <200610121606.04119.jonathan@hst.org.za> <44hcy8c7q0.fsf@be-well.ilk.org>

On Friday 13 October 2006 21:54, Lowell Gilbert wrote:

> The convention is, indeed, that users get UIDs from 1000 up.  This
> doesn't seem to be explicitly described anywhere I can find at the
> moment, but it is implemented in adduser(8) -- and the porter's
> handbook requires hard-coded UIDs and GIDs to be under 1000 (but
> strongly recommends using pw(8) unless there is an important reason
> not to do so).

Yes. The reality of using pw(8) at port installation time, though, is that the 
port-created user will get a uid above 1000 - in fact a uid higher than the 
highest one currently in use, so I can't even just leave a gap in uid 
numbering for port-created users. This caught me out.

> A lot of your problem, though, is that you're trying to combine the
> UID (and GID) space of different machines, that have collisions.  The
> fact that some of those were created by ports isn't really important;
> the problem is that the UID maps were created independently and now
> need to be combined.

No, this isn't the main problem, which is that without some serious 
forethought (and an awareness of the issue), installing a port can screw up 
my user management by (quite correctly, as you point out above) using one of 
``my'' uids rather than a block set aside for ports which want a uid but 
don't need to reserve a specific one.

More to the point, it can do this at some point in the future, when I decide 
to install a new port on one server and then have to remember to mark that 
uid as used throughout my network.

> I'm not sure there's a perfect solution, other than planning ahead.

Agreed. I think my planning ahead is going to take the form I proposed 
originally, of adding an /etc/pw.conf (so that ports using pw(8) will use 
that configuration) forcing allocation within a given uid/gid range, and 
ensure that I only use numbers outside that range for real users.

I mentioned this on the list because I was Astonished (in the POLA sense) to 
find that my human users and ports-created (effectively system) users were 
not separated in any way by default, indeed were jumbled together in the 
sequence of uids/gids. I always like to create a permanent record of things 
that trip me up!

Jonathan
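
The plan described in this message, sketched as an added example that is not part of the original e-mail: it renders the pw.conf(5) range keywords (minuid, maxuid, mingid, maxgid) for a reserved block and audits passwd(5)-format files from several hosts for uids that map to different login names. The 5000-5999 block, the host file names, the function names and the sample accounts are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example. The 5000-5999 block, file names and accounts are assumptions.
PORT_MIN=5000   # assumed start of the block reserved for pw(8) allocation
PORT_MAX=5999   # assumed end of that block

# pw.conf(5) lines that confine pw(8) automatic allocation to the block.
render_pw_conf() {
    printf 'minuid = %s\nmaxuid = %s\nmingid = %s\nmaxgid = %s\n' \
        "$PORT_MIN" "$PORT_MAX" "$PORT_MIN" "$PORT_MAX"
}

# Print uids >= 1000 that map to different login names across the given
# passwd(5)-format files, one per line: "uid name@file name@file ...".
uid_conflicts() {
    awk -F: '
        /^#/ || NF < 7 || $3 < 1000 { next }
        !($3 in first) { first[$3] = $1; seen[$3] = $1 "@" FILENAME; next }
        { seen[$3] = seen[$3] " " $1 "@" FILENAME
          if ($1 != first[$3]) bad[$3] = 1 }
        END { for (u in bad) print u, seen[u] }
    ' "$@" | sort -n
}

# Print "name uid" for accounts at or above 1000 but outside the reserved
# block; once the policy is in place these should all be human users.
outside_block() {
    awk -F: -v lo="$PORT_MIN" -v hi="$PORT_MAX" '
        /^#/ || NF < 7 { next }
        $3 >= 1000 && ($3 < lo || $3 > hi) { print $1, $3 }
    ' "$1"
}

# Constructed sample data: two hosts whose uid maps grew independently.
make_samples() {
    cat > "$1/host-a" <<'EOF'
jonathan:*:1001:1001:Jonathan:/home/jonathan:/bin/sh
exampled:*:1002:1002:port-created daemon:/nonexistent:/usr/sbin/nologin
EOF
    cat > "$1/host-b" <<'EOF'
jonathan:*:1001:1001:Jonathan:/home/jonathan:/bin/sh
alice:*:1002:1002:Alice:/home/alice:/bin/sh
exampled:*:5000:5000:port-created daemon:/nonexistent:/usr/sbin/nologin
EOF
}

# Demo run on the constructed files.
d=$(mktemp -d) && make_samples "$d" && (cd "$d" && uid_conflicts host-a host-b)
rm -rf "$d"
```

On host-a the daemon account landed in the human range before any range was configured, which is the collision the audit reports; on host-b it sits inside the reserved block and no longer competes with real users.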
