ports adding users

Jonathan McKeown jonathan at hst.org.za
Sat Oct 14 01:06:04 PDT 2006


On Friday 13 October 2006 21:54, Lowell Gilbert wrote:

> The convention is, indeed, that users get UIDs from 1000 up.  This
> doesn't seem to be explicitly described anywhere I can find at the
> moment, but it is implemented in adduser(8) -- and the porter's
> handbook requires hard-coded UIDs and GIDs to be under 1000 (but
> strongly recommends using pw(8) unless there is an important reason
> not to do so).

Yes. The reality of using pw(8) at port installation time, though, is that the 
port-created user will get a uid above 1000 - in fact a uid higher than the 
highest one currently in use, so I can't even just leave a gap in uid 
numbering for port-created users. This caught me out.

> A lot of your problem, though, is that you're trying to combine the
> UID (and GID) space of different machines, that have collisions.  The
> fact that some of those were created by ports isn't really important;
> the problem is that the UID maps were created independently and now
> need to be combined.

No, this isn't the main problem, which is that without some serious 
forethought (and an awareness of the issue), installing a port can screw up 
my user management by (quite correctly, as you point out above) using one of 
``my'' uids rather than a block set aside for ports which want a uid but 
don't need to reserve a specific one.

More to the point, it can do this at some point in the future, when I decide 
to install a new port on one server and then have to remember to mark that 
uid as used throughout my network.

> I'm not sure there's a perfect solution, other than planning ahead.

Agreed. I think my planning ahead is going to take the form I proposed 
originally, of adding an /etc/pw.conf (so that ports using pw(8) will use 
that configuration) forcing allocation within a given uid/gid range, and 
ensure that I only use numbers outside that range for real users.

I mentioned this on the list because I was Astonished (in the POLA sense) to 
find that my human users and ports-created (effectively system) users were 
not separated in any way by default, indeed were jumbled together in the 
sequence of uids/gids. I always like to create a permanent record of things 
that trip me up!

Jonathan
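
Added example, not part of the original message: a small Python audit for the situation discussed in this thread. It flags uids that name different accounts on different hosts, and no-login service accounts that pw(8) allocated outside a range reserved for them. The range 50000-59999, the host names and the passwd lines are constructed assumptions.

```python
"""Audit passwd(5) maps from several hosts against a uid allocation plan."""
from collections import defaultdict

# Assumed plan (hypothetical, not from the original message): pw(8) is confined
# to PORT_RANGE via minuid/maxuid in /etc/pw.conf; humans use other uids >= 1000.
PORT_RANGE = range(50000, 60000)
HUMAN_MIN = 1000
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/nonexistent"}


def parse_passwd(text):
    """Yield (name, uid, shell) from 7-field passwd(5) text; skip anything else."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[2].isdecimal():
            yield fields[0], int(fields[2]), fields[6]


def audit(maps):
    """maps: {host: passwd text}. Return (collisions, misplaced)."""
    owners = defaultdict(lambda: defaultdict(list))  # uid -> name -> hosts
    misplaced = []  # (host, name, uid): service account in the human range
    for host, text in sorted(maps.items()):
        for name, uid, shell in parse_passwd(text):
            if uid < HUMAN_MIN or uid == 65534:
                continue  # fixed uids below 1000, and "nobody"
            owners[uid][name].append(host)
            if shell in NOLOGIN_SHELLS and uid not in PORT_RANGE:
                misplaced.append((host, name, uid))
    # A collision is one uid that means different accounts on different hosts.
    collisions = {u: dict(n) for u, n in owners.items() if len(n) > 1}
    return collisions, misplaced


# Constructed sample data: two hosts whose uid maps were built independently.
SAMPLE = {
    "alpha": "root:*:0:0:Charlie &:/root:/bin/csh\n"
             "jonathan:*:1001:1001:J:/home/jonathan:/bin/sh\n"
             "svcport:*:1002:1002:port daemon:/nonexistent:/usr/sbin/nologin\n",
    "beta": "jonathan:*:1001:1001:J:/home/jonathan:/bin/sh\n"
            "alice:*:1002:1002:A:/home/alice:/bin/sh\n"
            "svcport:*:50000:50000:port daemon:/nonexistent:/usr/sbin/nologin\n",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```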

