Underscores in some directory user,
group names (Postfix MacPort example)
Tabitha McNerney
tabithamc at gmail.com
Mon Jan 14 03:57:10 PST 2008
On 1/13/08, Jordan K. Hubbard <jkh at apple.com> wrote:
>
> I'm sorry, Tabitha, but I've read this message twice and I still have no
> idea just what question it is you're actually asking here. :-)
> - Jordan
>
Jordan, I'll try to rephrase my question to hopefully clarify:
Why doesn't Apple include, in Mac OS X Server 10.5, a local directory entry
of a user user named "_ldap"?
A follow up question:
What criteria did Apple use for selecting names, in the local directory
domain of Mac OS X Server 10.5, which were eligible to receive an underscore
prefix?
What triggered my question was the MacPorts openldap installation on Leopard
Server creates a local directory user named "ldap" but I half expected in
Leopard to find a prexisting user named "_ldap" in the local directory
(courtesy of Apple), considering some of the other underscored prefixed Unix
user names that prexist courtesy of Apple as _postfix
Thank you,
T.M.
On Jan 13, 2008, at 9:17 PM, Tabitha McNerney wrote:
>
> Hello Jordan, et al:
>
> Today I was reading my documentation for running a separate OpenLDAP
> daemon on an Xserve running Leopard Server. I installed the openldap MacPort
> (which is based on OpenLDAP version 2.3.35) and I was somewhat surprised
> that the installation created a user with short name "ldap" and a UID of 500
> (with a group short name of "ldap" and a gid of 502). The reason this
> surprised me is that Apple ships with Leopard Server a compilation instance
> of OpenLDAP 2.3.27 which is of course the basis for OpenDirectory, and
> which slapd daemon is run by root apparently at boot time (I presume there
> is a launchd plist for this but I haven't looked yet).
>
> Now, therefore, considering the logic of using underscores as prefixes to
> avoid namespace collisions since the founders of Unix didn't consider this
> to be a problem in the 1970s / 1980s, and considering the examples of uids
> and gids whose corresponding short names that reside in the local domain
> directory that Apple ships with Leopard Server are, in examples:
>
> _postfix
> _postdrop
> _guest
> _xgridagent
> _spotlight
> _mysql
> _svn
> _www
> _jabber
> _sshd
>
> and the list goes on ...
>
> Why oh why do I not see (when I search the local directory domain of my
> Leopard Server 10.5.1 instance using WorkgGroup Manager to search on names
> with underscores in them):
>
> _ldap ???
>
> Am I out of my mind that the ommission of "_ldap" is illogical and without
> basis and is inconsistent with the namespace issue that has been raised
> herein this discussoin thread thus far? Would it not be possible, for
> example, for a person to accidentally choose a short user name of "ldap"
> just as they might also accidentally do so with a name such as "postfix"?
> Why does life have to be so complicated -- meaning, why do humans create
> their own unnecessary complexity? We have too many rules we have to
> remember. Where oh where is my missing friend in Leopard's local directory
> domain named, "_ldap"? Thus as a result, the openldap MacPort created a
> separate user account named "ldap". Ugh!
>
> Thanks,
>
> T.M.
>
> On 1/5/08, Tabitha McNerney <tabithamc at gmail.com> wrote:
> >
> >
> >
> > On 1/4/08, Jordan K. Hubbard < jkh at apple.com> wrote:
> > >
> > > This is because the original designers of Unix neglected to take into
> > > account the notion of user namespaces - the namespace is flat. That
> > > means that system or role specific names can conflict with names that
> > > users would like to use for themselves ( c.f. "admin" or "operator")
> > > unless you adopt a convention for keeping them separate. That
> > > convention is the prefix underscore.
> > >
> > > - Jordan
> >
> >
> > Jordan,
> >
> > Thank you very much. Makes perfect sense. Its hard to find fault with
> > the original designers of Unix (they probably never would have guessed,
> > decades later, that individuals in the comfort of their own homes would run
> > Unix on a machine that sits in their lap)!
> >
> > Best,
> >
> > T.M.
> >
> > On Jan 4, 2008, at 5:29 PM, Tabitha McNerney wrote:
> > >
> > > > Hello all --
> > > >
> > > > I just installed the current version of the Postfix port (version
> > > > 2.4.6) on a Leopard Server system.
> > > >
> > > > After the install, I noticed a username and group name of "_postfix"
> > >
> > > > and "_postdrop" respectively, as in:
> > > > drwx--x--- 2 _postfix _postdrop 102 Jan 4 23:06 public/
> > > > drwx-wx--- 2 _postfix _postdrop 102 Jan 4 23:06 maildrop/
> > > > This differs from previous Postfix port installations (UID 27 was
> > > > "postfix" not "_postfix"). This isn't really a MacPorts specific
> > > > issue but I'm wondering if anyone knows why Apple changed their
> > > > naming schema on Leopard, for short names such as:
> > > >
> > > > from "postfix" to "_postfix"
> > > >
> > > > ?
> > > >
> > > > I wonder if this has something to do with becoming fully UNIX
> > > > compliant? POSIX?
> > > >
> > > > Mr. Jordan Hubbard, can you offer some wisdom and perspective on
> > > > this subject?
> > > >
> > > > Thank you,
> > > >
> > > > T.M.
> > > >
> > >
> > >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/macports-users/attachments/20080114/30f02af7/attachment.html
More information about the macports-users
mailing list