ports adding users
Jonathan McKeown
jonathan at hst.org.za
Sat Oct 14 01:06:04 PDT 2006

On Friday 13 October 2006 21:54, Lowell Gilbert wrote:
> The convention is, indeed, that users get UIDs from 1000 up. This
> doesn't seem to be explicitly described anywhere I can find at the
> moment, but it is implemented in adduser(8) -- and the porter's
> handbook requires hard-coded UIDs and GIDs to be under 1000 (but
> strongly recommends using pw(8) unless there is an important reason
> not to do so).

Yes. The reality of using pw(8) at port installation time, though, is that the
port-created user will get a uid above 1000 - in fact a uid higher than the
highest one currently in use, so I can't even just leave a gap in uid
numbering for port-created users. This caught me out.

> A lot of your problem, though, is that you're trying to combine the
> UID (and GID) space of different machines, that have collisions. The
> fact that some of those were created by ports isn't really important;
> the problem is that the UID maps were created independently and now
> need to be combined.

No, this isn't the main problem, which is that without some serious
forethought (and an awareness of the issue), installing a port can screw up
my user management by (quite correctly, as you point out above) using one of
``my'' uids rather than a block set aside for ports which want a uid but
don't need to reserve a specific one.

More to the point, it can do this at some point in the future, when I decide
to install a new port on one server and then have to remember to mark that
uid as used throughout my network.

> I'm not sure there's a perfect solution, other than planning ahead.

Agreed. I think my planning ahead is going to take the form I proposed
originally, of adding an /etc/pw.conf (so that ports using pw(8) will use
that configuration) forcing allocation within a given uid/gid range, and
ensure that I only use numbers outside that range for real users.

I mentioned this on the list because I was Astonished (in the POLA sense) to
find that my human users and ports-created (effectively system) users were
not separated in any way by default, indeed were jumbled together in the
sequence of uids/gids. I always like to create a permanent record of things
that trip me up!

Jonathan
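
Added example (not part of the original message): a Python audit of the situation discussed in this thread, merging passwd(5) maps from several hosts to find UIDs bound to different names and accounts sitting on the wrong side of a reserved port range. The range 1000-1999, the host names and the sample entries are constructed assumptions, and a nologin shell is used as a heuristic for a port-created account.

```python
from collections import defaultdict

# Assumed policy, not from the post: pw.conf confines pw(8) to PORT_RANGE.
PORT_RANGE = range(1000, 2000)
NOBODY_UID = 65534  # stock account above 1000; exempt from the check

HOSTS = {  # constructed passwd(5) maps for two hypothetical hosts
    "alpha": """\
# $FreeBSD$
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
alice:*:2001:2001:Alice:/home/alice:/bin/sh
bob:*:2002:2002:Bob:/home/bob:/bin/sh
""",
    "beta": """\
alice:*:2001:2001:Alice:/home/alice:/bin/sh
portsvc:*:2002:2002:Port daemon:/nonexistent:/usr/sbin/nologin
carol:*:1001:1001:Carol:/home/carol:/bin/sh
""",
}

def parse_passwd(text):
    """Yield (name, uid, shell) from passwd(5) text, skipping comments."""
    for line in text.splitlines():
        fields = line.split(":")
        if not line.startswith("#") and len(fields) == 7:
            yield fields[0], int(fields[2]), fields[6]

def uid_collisions(hosts):
    """Return {uid: {name: [hosts]}} for UIDs bound to different names."""
    seen = defaultdict(lambda: defaultdict(list))
    for host, text in sorted(hosts.items()):
        for name, uid, _shell in parse_passwd(text):
            seen[uid][name].append(host)
    return {u: dict(n) for u, n in seen.items() if len(n) > 1}

def policy_violations(hosts, port_range=PORT_RANGE):
    """List (host, name, uid, kind) for accounts on the wrong side of the range."""
    out = []
    for host, text in sorted(hosts.items()):
        for name, uid, shell in parse_passwd(text):
            service = shell.endswith("nologin")
            exempt = uid < 1000 or uid == NOBODY_UID  # hard-coded/stock UIDs
            if not exempt and service != (uid in port_range):
                out.append((host, name, uid, "service" if service else "login"))
    return out

if __name__ == "__main__":
    print(uid_collisions(HOSTS), policy_violations(HOSTS))
```

On the sample data, UID 2002 belongs to a human on one host and a service account on the other, which is the collision that surfaces when independently built UID maps are combined.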