From: Jonathan McKeown
To: freebsd-questions@freebsd.org
Date: Sat, 14 Oct 2006 10:18:44 +0200
Subject: Re: ports adding users

On Friday 13 October 2006 21:54, Lowell Gilbert wrote:
> The convention is, indeed, that users get UIDs from 1000 up. This
> doesn't seem to be explicitly described anywhere I can find at the
> moment, but it is implemented in adduser(8) -- and the porter's
> handbook requires hard-coded UIDs and GIDs to be under 1000 (but
> strongly recommends using pw(8) unless there is an important reason
> not to do so).

Yes. The reality of using pw(8) at port installation time, though, is that the port-created user will get a uid above 1000 - in fact a uid higher than the highest one currently in use, so I can't even just leave a gap in uid numbering for port-created users. This caught me out.

> A lot of your problem, though, is that you're trying to combine the
> UID (and GID) space of different machines, that have collisions. The
> fact that some of those were created by ports isn't really important;
> the problem is that the UID maps were created independently and now
> need to be combined.

No, this isn't the main problem, which is that without some serious forethought (and an awareness of the issue), installing a port can screw up my user management by (quite correctly, as you point out above) using one of ``my'' uids rather than a block set aside for ports which want a uid but don't need to reserve a specific one.

More to the point, it can do this at some point in the future, when I decide to install a new port on one server and then have to remember to mark that uid as used throughout my network.

> I'm not sure there's a perfect solution, other than planning ahead.

Agreed. I think my planning ahead is going to take the form I proposed originally, of adding an /etc/pw.conf (so that ports using pw(8) will use that configuration) forcing allocation within a given uid/gid range, and ensure that I only use numbers outside that range for real users.

I mentioned this on the list because I was Astonished (in the POLA sense) to find that my human users and ports-created (effectively system) users were not separated in any way by default, indeed were jumbled together in the sequence of uids/gids. I always like to create a permanent record of things that trip me up!

Jonathan