On Mon, Jul 25, 2011 at 20:50, David L Ballenger
<d...@davidlballenger.com> wrote:
>
> On Jul 25, 2011, at 5:50 PM, Scott Webster wrote:
>
>> On Mon, Jul 25, 2011 at 5:43 PM, David L Ballenger
>> <d...@davidlballenger.com> wrote:
>>>  - Install macports on client B, macports created as local account on B 
>>> with UID 1042.
>>>  - Create another OD account, it gets UID 1042 since WorkGroup Manager 
>>> can't see
>>>   the local directory of client B. Now user with UID 1042 can't log in to 
>>> client B.
>>>
>>
>> Wouldn't this be a problem with any account being created on client B?
>> If you choose to use UID 1042 for whatever reason, then the server
>> won't know about it.  I guess if you are using this OD system then you
>> are just not supposed to create UIDs on client machines in a possible
>> OD range?
>>
>> Scott
>
> It potentially could be a problem.
>
> However, it seems that if you're using System Preferences to create local 
> accounts it seems to work its way up from 501, with 501 being your first 
> user account. It does seem to skip holes. For example, on my laptop I 
> currently have the following local user account UIDs, not counting those 
> "system" accounts below 500:
>
>  - 501  - the local administrator account
>  - 503  - messagebus from some install of dbus that probably got
>           pulled in as some dependency. Note that this must have been
>           before I bound my laptop to the OD domain on my OS X Server.
>  - 999  - macports, or rather what I changed macports to after I saw
>           Rodolfo's original message in this thread and realized
>           it was conflicting with my OD accounts.
>  - 1025 - my personal account, a mobile account on my laptop (in the
>           local domain, and paired to my account in the OD domain).
>           Before binding my laptop to my OD domain, my personal account
>           had UID 502, which is why there is a hole in the sequence.
>           It also involved much shuffling of files, yada, yada, yada.
>
>  - When I created the local test account with this setup the resulting UID 
> was 504
>
> I don't know if the system is explicitly keeping track of account deletions, 
> but it's not just simply going with 1+ the highest UID of the local accounts.
>
> WorkGroup Manager with OS X Server creates Open Directory accounts starting 
> with UID 1025. If for some reason you have a local account on the Open 
> Directory master that has a UID ≥ 1025, WorkGroup Manager won't reuse that.
>
> So if you go through the standard GUIs you're probably not going to 
> encounter this unless you've got a lot (500+) of local accounts.
>
> If the account creation process in macports followed a similar process to 
> what System Preferences uses to find a free UID it seems like we would have a 
> better chance of avoiding the problem.
>
>  - David


David is right. This is a hard issue and believe me I have burned many,
many candles during holidays and weekends trying to solve userID
conflicts in MacOSServers.

It looks to me that the MacPorts installer has these options:

1. Look if the machine is a server
2. If NOT a server then:
3. Either just create the 'user:macports group:macports' account picking:
a. the next available UUID account number (somewhere in the 500s)
b. using a pre-determined UUID and GUID, say 600...
c. giving the user the option to select which one or what

=>I assume that if the machine is not a server but IS listening to a
server through OD it does not matter, as long as there are UUIDs in
the 500s available

4. If the machine is a server then:
5. Check if the server is listening to an OD and if yes then either
quit and request a user 'macports' and a group 'macports' be created
on the master OD or proceed to create the user 'macports' and a group
'macports' on the master OD.
6. If however the server is running a 'local directory' then test if
all 500 numbers are taken and if they are proceed to create a user
'macports' and a group 'macports' in the 1000s. Because the server is
running a local directory this should be OK, because all the users in
the 1000s should be accounted for.

The problem is when you pick a user 'macports' and a group 'macports'
without testing the server/non-server/local/master OD configuration.

Am I missing something?

--Rodolfo
_______________________________________________
macports-users mailing list
macports-users@lists.macosforge.org
http://lists.macosforge.org/mailman/listinfo.cgi/macports-users
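
An added example, not part of the original thread and not MacPorts' installer code: one way to do the "next available number in the 500s" check discussed above, by reading a `dscl ... -list /Users UniqueID` listing and choosing the lowest UID in a range that no listed account holds. The function names, the 501-599 range and the sample account names are assumptions; the sample UIDs are the ones David lists. It picks the lowest free UID, which is not necessarily what System Preferences does (David saw 504, this returns 502 for the same accounts).

```shell
#!/bin/sh
# Added example: pick a UID for a local service account that is unused in
# every directory the machine can see, and stays below 1025, where the
# thread says Workgroup Manager starts numbering Open Directory accounts.

# list_uids NODE: print "name uid" lines for a directory node.
#   "."       = local directory only
#   "/Search" = local directory plus any bound directory (e.g. Open Directory)
list_uids() {
    dscl "$1" -list /Users UniqueID
}

# first_free_uid LOW HIGH: read "name uid" lines on stdin and print the lowest
# UID in [LOW, HIGH] that no listed account uses. Returns 1 if the range is full.
first_free_uid() {
    awk -v low="$1" -v high="$2" '
        # Last field is the UID; system accounts can be negative (nobody = -2).
        $NF ~ /^-?[0-9]+$/ { used[$NF + 0] = 1 }
        END {
            for (u = low + 0; u <= high + 0; u++)
                if (!(u in used)) { print u; exit 0 }
            exit 1
        }'
}

# Constructed sample listing: UIDs from David's message, account names invented.
sample_listing() {
    cat <<'EOF'
nobody      -2
admin       501
messagebus  503
macports    999
david       1025
EOF
}

# On a Mac, check the real directories; elsewhere fall back to the sample.
if command -v dscl >/dev/null 2>&1; then
    list_uids /Search | first_free_uid 501 599 ||
        echo "no free UID in 501-599; refusing to guess" >&2
else
    sample_listing | first_free_uid 501 599
fi
```

Querying `/Search` only sees Open Directory accounts that exist at install time, which is why the range is kept below the Open Directory starting point rather than relying on the lookup alone.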
