MacPorts is hijacking account on MacOSXServer
David L Ballenger
dlb at davidlballenger.com
Mon Jul 25 18:50:38 PDT 2011
On Jul 25, 2011, at 5:50 PM, Scott Webster wrote:
> On Mon, Jul 25, 2011 at 5:43 PM, David L Ballenger
> <dlb at davidlballenger.com> wrote:
>> - Install macports on client B, macports created as local account on B with UID 1042.
>> - Create another OD account, it gets UID 1042 since WorkGroup Manager can't see
>> the local directory of client B. Now user with UID 1042 can't log in to client B.
>>
>
> Wouldn't this be a problem with any account being created on client B?
> If you choose to use UID 1042 for whatever reason, then the server
> won't know about it. I guess if you are using this OD system then you
> are just not supposed to create UIDs on client machines in a possible
> OD range?
>
> Scott
It potentially could be a problem.
However, it seems that if you're using System Preferences to create local accounts it seems to work its way up from 501, with 501 being your first user account. It does seem to skip holes. For example, on my laptop I currently have the following local user account UIDs, not counting those "system accounts" below 500:
- 501 - the local administrator account
- 503 - messagebus from some install of dbus that probably got
  pulled in as some dependency. Note that this must have been
  before I bound my laptop to the OD domain on my OS X Server.
- 999 - macports, or rather what I changed macports to after I saw
  Rodolfo's original message in this thread and realized
  it was conflicting with my OD accounts.
- 1025 - my personal account, a mobile account on my laptop (in the
  local domain, and paired to my account in the OD domain).
  Before binding my laptop to my OD domain, my personal account
  had UID 502, which is why there is a hole in the sequence.
  It also involved much shuffling of files, yada, yada, yada.
- When I created the local test account with this setup the resulting UID was 504.
I don't know if the system is explicitly keeping track of account deletions, but it's not just simply going with 1+ the highest UID of the local accounts.
WorkGroup Manager with OS X Server creates Open Directory accounts starting with UID 1025. If for some reason you have a local account on the Open Directory master that has a UID ≥ 1025, WorkGroup Manager won't reuse that.
So if you go through the standard GUIs you're probably not going to encounter this unless you've got a lot (500+) of local accounts.
If the account creation process in macports followed a similar process to what System Preferences uses to find a free UID it seems like we would have a better chance of avoiding the problem.
- David
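The collision described in this thread and the free-UID check suggested above, as an added example that is not part of the original message and not MacPorts code. It assumes both directories have been listed with `dscl <node> -list /Users UniqueID`; the listings below are constructed, and the "lowest unused UID from 501 up to 1025" policy is an assumption, simpler than whatever System Preferences actually does.

```python
# Added example. The listings are constructed; they use the two-column
# "name  UID" layout printed by `dscl <node> -list /Users UniqueID`.
LOCAL_LISTING = """\
root        0
admin       501
messagebus  503
dlb         1025
macports    1042
"""
OD_LISTING = """\
dlb         1025
newuser     1042
"""

LOCAL_MIN = 501  # first UID used for local accounts, per the message
OD_MIN = 1025    # first UID WorkGroup Manager assigns, per the message


def parse_listing(text):
    """Map each UID to the account names that claim it."""
    by_uid = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # blank or malformed line
        name, raw_uid = fields
        try:
            uid = int(raw_uid)
        except ValueError:
            continue
        by_uid.setdefault(uid, []).append(name)
    return by_uid


def collisions(local, directory):
    """UIDs held by differently named accounts in the two directories.

    A mobile account paired with its directory account shares both name
    and UID, so it is not reported.
    """
    shared = sorted(local.keys() & directory.keys())
    return {u: (local[u], directory[u]) for u in shared
            if set(local[u]) != set(directory[u])}


def lowest_free_uid(local, directory, start=LOCAL_MIN, stop=OD_MIN):
    """Lowest UID in [start, stop) unused in either directory."""
    used = local.keys() | directory.keys()
    for uid in range(start, stop):
        if uid not in used:
            return uid
    raise RuntimeError("no free UID below the directory range")
```

On the constructed data, `collisions` reports only UID 1042 (macports against newuser), and `lowest_free_uid` returns 502.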