ports adding users

Lowell Gilbert freebsd-questions-local at be-well.ilk.org
Fri Oct 13 12:54:16 PDT 2006


Jonathan McKeown <jonathan at hst.org.za> writes:

> This is, I guess, a philosophical question.
>
> Twice in the last couple of weeks I have been bitten by ports adding users or 
> groups. In setting up my laptop, I created my user account in sysinstall 
> without creating my group. My ~ was created with the GID corresponding to my 
> UID, but in building KDE, comms/gnokii used pw groupadd and was allocated 
> `my' GID, resulting in my ~ being group-owned by gnokii.
>
> More seriously, we are moving our user accounts into LDAP and I now have a 
> problem on a server where I installed net/isc-dhcp3-server before configuring 
> pam_ldap and nss_ldap. As a result the dhcpd user (in /etc/passwd) and one of 
> my user accounts (in LDAP) have the same UID and GID. Disentangling these is 
> going to be... interesting.
>
> After some digging about, I see I can effectively reserve a block of UIDs/GIDs 
> by starting my UID numbering at (1001 + x), and creating /etc/pw.conf with
>
> reuseuids yes
> reusegids yes
>
> to use the UIDs/GIDs between 1000 and (1000 + x) (otherwise pw just allocates 
> a UID/GID higher than any in use, which puts it right back in my reserved 
> range). Perhaps I should also set the maxuid/maxgid options too, just in 
> case?
>
> That's one option.
>
> Another is to expect dozens of busy port maintainers to cover for me by 
> reserving UIDs/GIDs instead of creating random users.
>
> Another is to arrange somehow that the ports infrastructure provide a pw.conf 
> which can be used when pw is called by ports, that limits the range of 
> UIDs/GIDs that a port can be allocated so that it doesn't overlap with the 
> range generally used for user accounts.

The convention is, indeed, that users get UIDs from 1000 up.  This
doesn't seem to be explicitly described anywhere I can find at the
moment, but it is implemented in adduser(8) -- and the porter's
handbook requires hard-coded UIDs and GIDs to be under 1000 (but
strongly recommends using pw(8) unless there is an important reason
not to do so).

A lot of your problem, though, is that you're trying to combine the
UID (and GID) space of different machines, that have collisions.  The
fact that some of those were created by ports isn't really important;
the problem is that the UID maps were created independently and now
need to be combined.  Even if the ports and user spaces had been kept
separate, there would have been conflicts between ports installed on
different machines adding different uids on each, and unless you were
planning ahead, with users being created likewise.

I'm not sure there's a perfect solution, other than planning ahead.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
		http://be-well.ilk.org/~lowell/

