Mailing List Archive

Adding users/groups on OS X
I'm trying to get the apache-2.0.50-r1 ebuild to work properly on OS X.
One of the difficulties is that it installs apache with a user and group
named "apache". Well, Panther (10.3.5) already comes with apache 1.3.29,
which is configured to use a user and group named "www".

I see two options: either make apache2 use user and group "www" on
macos, which might conflict with the assumptions made by other packages;
or create a user and group named "apache" during the ebuild. But OS X
doesn't come with useradd scripts.

Has anyone thought the issue over before? Any nuggets of wisdom gleaned
from the experience, so I don't re-invent the wheel?

--
Robin Munn
rmunn@pobox.com
Re: Adding users/groups on OS X
On 12 Sep 2004, at 22:34, rmunn@pobox.com wrote:

> I'm trying to get the apache-2.0.50-r1 ebuild to work properly on OS X.
> One of the difficulties is that it installs apache with a user and
> group
> named "apache". Well, Panther (10.3.5) already comes with apache
> 1.3.29,
> which is configured to use a user and group named "www".
>
> I see two options: either make apache2 use user and group "www" on
> macos, which might conflict with the assumptions made by other
> packages;
> or create a user and group named "apache" during the ebuild. But OS X
> doesn't come with useradd scripts.

We'd probably need osx/darwin alternatives for the enewuser/enewgroup
in the eutils eclass.

I know there is a script out there that simulates useradd
functionality, but it would probably be better if we added users/groups
the correct way in the correct place.
That way the problem gets solved for all ebuilds that add users/groups
at once.

cc'ed vapier on this. Maybe he already has some great suggestions.

Pieter

> Has anyone thought the issue over before? Any nuggets of wisdom gleaned
> from the experience, so I don't re-invent the wheel?
>
> --
> Robin Munn
> rmunn@pobox.com


--
gentoo-osx@gentoo.org mailing list
Re: Adding users/groups on OS X
rmunn@pobox.com wrote:

>I'm trying to get the apache-2.0.50-r1 ebuild to work properly on OS X.
>One of the difficulties is that it installs apache with a user and group
>named "apache". Well, Panther (10.3.5) already comes with apache 1.3.29,
>which is configured to use a user and group named "www".
>
>I see two options: either make apache2 use user and group "www" on
>macos, which might conflict with the assumptions made by other packages;
>or create a user and group named "apache" during the ebuild. But OS X
>doesn't come with useradd scripts.
>
>Has anyone thought the issue over before? Any nuggets of wisdom gleaned
>from the experience, so I don't re-invent the wheel?
>
>
>
Same problem with games group, tried to add it manually, but this doesn't
work.

--
Laera Dario
Undergraduate student at Computer Science
University of Bologna
ICQ# 203250303 /==/ http://laera.web.cs.unibo.it
Mail to: laera_at_cs.unibo.it pennytommy_at_libero.it


Re: Adding users/groups on OS X
Ok, so for the record:

users-update

When this script is run, all the users/groups that have been added by
portage to the system will be shown along with the packages that have
added said users/groups. Here they can delete accounts that are no
longer required by the currently installed packages (and optionally run
a script that will try to locate all files on the system that may still
be owned by the account).

Solves the problem accurately.

Pieter


On 12 Sep 2004, at 23:57, Mike Frysinger wrote:

> On Sunday 12 September 2004 04:42 pm, Pieter Van den Abeele wrote:
>> cc'ed vapier on this. Maybe he already has some great suggestions.
>
> http://www.gentoo.org/proj/en/glep/glep-0027.html
> -mike
Re: Adding users/groups on OS X
On Sun, Sep 12, 2004 at 10:42:05PM +0200, Pieter Van den Abeele wrote:
>
> On 12 Sep 2004, at 22:34, rmunn@pobox.com wrote:
>
> >I see two options: either make apache2 use user and group "www" on
> >macos, which might conflict with the assumptions made by other
> >packages;
> >or create a user and group named "apache" during the ebuild. But OS X
> >doesn't come with useradd scripts.
>
> We'd probably need osx/darwin alternatives for the enewuser/enewgroup
> in the eutils eclass.
>
> I know there is a script out there that simulates useradd
> functionality, but it would probably be better if we added users/groups
> the correct way in the correct place.
> That way the problem gets solved for all ebuilds that add users/groups
> at once.
>
> cc'ed vapier on this. Maybe he already has some great suggestions.

I just found http://developer.apple.com/internet/opensource/osdb.html,
which mentions using niutil to create a mysql user & group with ID 401:

sudo niutil -create / /groups/mysql
sudo niutil -createprop / /groups/mysql gid 401
sudo niutil -create / /users/mysql
sudo niutil -createprop / /users/mysql gid 401
sudo niutil -createprop / /users/mysql uid 401

I tried this (with user & group name postgresql instead of mysql) and it
seems to work. Although the new user & group names do not appear in
/etc/passwd and /etc/group, I can now su to postgresql:

localhost:/ root# su postgresql
localhost:/ postgresql$ id
uid=401(postgresql) gid=401(postgresql) groups=401(postgresql)
localhost:/ postgresql$

As long as nothing depends on /etc/passwd and /etc/group, this may be
the Right Thing to use as an osx/darwin alternative for enewuser and
enewgroup.

--
Robin Munn
rmunn@pobox.com
Re: Adding users/groups on OS X
Hi,

Speaking to vapier, the only thing that is preventing GLEP 27 from
being implemented is somebody writing code for it.
( If you're interested in becoming a developer, here's your chance :-)
- file us a bug with your code )

If nobody is found this should be added to the next macos meeting
agenda and we should allocate resources.

Best regards,

Pieter Van den Abeele


On 13 Sep 2004, at 00:53, rmunn@pobox.com wrote:

> On Sun, Sep 12, 2004 at 10:42:05PM +0200, Pieter Van den Abeele wrote:
>>
>> On 12 Sep 2004, at 22:34, rmunn@pobox.com wrote:
>>
>>> I see two options: either make apache2 use user and group "www" on
>>> macos, which might conflict with the assumptions made by other
>>> packages;
>>> or create a user and group named "apache" during the ebuild. But OS X
>>> doesn't come with useradd scripts.
>>
>> We'd probably need osx/darwin alternatives for the enewuser/enewgroup
>> in the eutils eclass.
>>
>> I know there is a script out there that simulates useradd
>> functionality, but it would probably be better if we added
>> users/groups
>> the correct way in the correct place.
>> That way the problem gets solved for all ebuilds that add users/groups
>> at once.
>>
>> cc'ed vapier on this. Maybe he already has some great suggestions.
>
> I just found http://developer.apple.com/internet/opensource/osdb.html,
> which mentions using niutil to create a mysql user & group with ID 401:
>
> sudo niutil -create / /groups/mysql
> sudo niutil -createprop / /groups/mysql gid 401
> sudo niutil -create / /users/mysql
> sudo niutil -createprop / /users/mysql gid 401
> sudo niutil -createprop / /users/mysql uid 401
>
> I tried this (with user & group name postgresql instead of mysql) and
> it
> seems to work. Although the new user & group names do not appear in
> /etc/passwd and /etc/group, I can now su to postgresql:
>
> localhost:/ root# su postgresql
> localhost:/ postgresql$ id
> uid=401(postgresql) gid=401(postgresql) groups=401(postgresql)
> localhost:/ postgresql$
>
> As long as nothing depends on /etc/passwd and /etc/group, this may be
> the Right Thing to use as an osx/darwin alternative for enewuser and
> enewgroup.
>
> --
> Robin Munn
> rmunn@pobox.com


Re: Adding users/groups on OS X
On Sunday, September 12, 2004, at 09:32PM, Pieter Van den Abeele <pvdabeel@gentoo.org> wrote:

>Hi,
>
>Speaking to vapier, the only thing that is preventing GLEP 27 from
>being implemented is somebody writing code for it.
>( If you're interested in becoming a developer, here's your chance :-)
>- file us a bug with your code )
>
>If nobody is found this should be added to the next macos meeting
>agenda and we should allocate resources.
>

Hi,

This is the sort of stuff I'd be happy to work on, but my ibook is
being repaired (the LCD went) so I have no OSX system right now.
However, I should be getting it back soon and if no one else has filed
a bug, I'll see if I can put something together.

Thanks,


Chris


Re: Adding users/groups on OS X

rmunn@pobox.com wrote:
| As long as nothing depends on /etc/passwd and /etc/group, this may be
| the Right Thing to use as an osx/darwin alternative for enewuser and
| enewgroup.

AFAIK, OSX doesn't depend on /etc/passwd or /etc/group outside of
single-user mode (maybe not even then...) Note man pages for group,
netinfo, and lookupd.

from group man page:

  Note: This information may be superseded by the NetInfo system. See
  lookupd(8) for more information.

Cheers,
-Nick Dimiduk

Re: Adding users/groups on OS X
My assumption would be that the /etc/passwd and /etc/group files are
maintained by the NetInfo stuff, and only serve as fallbacks, in case
an app (BSD-space only, or even GNU) hasn't been built with NetInfo in
mind. From my own experience, there can be some oddities in terms of
adding users and groups as hidden, as opposed to appearing in the main
user control GUI (not the NetInfo Utility one).

Maybe some diving through the ADC documentation will reveal all.

On Sep 13, 2004, at 6:06 PM, Nick Dimiduk wrote:
>
> AFAIK, OSX doesn't depend on /etc/passwd or /etc/group outside of
> single-user mode (maybe not even then...) Note man pages for group,
> netinfo, and lookupd.
>
--
Paul Handly
sauron@osmos.org
http://www.osmos.org


Re: Adding users/groups on OS X
NetInfo IGNORES /etc/passwd and /etc/group. All OS level user/group
management is done via NetInfo, with the /etc/passwd and /etc/group
files being used only until NetInfo is loaded.

Any user add script needs to interface with NetInfo. As I said,
/etc/passwd is ignored by the OS.

I've got a user add script that works with NetInfo I could paste here,
if you like.

Cap'n Hector (Sorry about the top-post, temp bug in client)

On Sep 13, 2004, at 6:49 PM, Paul Handly wrote:

> My assumption would be that the /etc/passwd and /etc/group files are
> maintained by the NetInfo stuff, and only serve as fallbacks, in case
> an app (BSD-space only, or even GNU) hasn't been built with NetInfo in
> mind. From my own experience, there can be some oddities in terms of
> adding users and groups as hidden, as opposed to appearing in the main
> user control GUI (not the NetInfo Utility one).
>

Re: Adding users/groups on OS X

snu, from the #Opendarwin project, is working on porting the BSD utility
yp to OS X/Darwin. It's in its infancy, and I haven't tried it yet, but
it might be worth a look for a more robust solution to this
problem... the few scripts I've seen that interface with niutil aren't
very complete IMHO.

http://opendarwin.org/~snu/

Kito

On Sep 12, 2004, at 7:32 PM, Pieter Van den Abeele wrote:

> Hi,
>
> Speaking to vapier, the only thing that is preventing GLEP 27 from
> being implemented is somebody writing code for it.
> ( If you're interested in becoming a developer, here's your chance :-)
> - file us a bug with your code )
>
> If nobody is found this should be added to the next macos meeting
> agenda and we should allocate resources.
>
> Best regards,
>
> Pieter Van den Abeele
>
>
> On 13 Sep 2004, at 00:53, rmunn@pobox.com wrote:
>
>> On Sun, Sep 12, 2004 at 10:42:05PM +0200, Pieter Van den Abeele wrote:
>>>
>>> On 12 Sep 2004, at 22:34, rmunn@pobox.com wrote:
>>>
>>>> I see two options: either make apache2 use user and group "www" on
>>>> macos, which might conflict with the assumptions made by other
>>>> packages;
>>>> or create a user and group named "apache" during the ebuild. But OS
>>>> X
>>>> doesn't come with useradd scripts.
>>>
>>> We'd probably need osx/darwin alternatives for the enewuser/enewgroup
>>> in the eutils eclass.
>>>
>>> I know there is a script out there that simulates useradd
>>> functionality, but it would probably be better if we added
>>> users/groups
>>> the correct way in the correct place.
>>> That way the problem gets solved for all ebuilds that add
>>> users/groups
>>> at once.
>>>
>>> cc'ed vapier on this. Maybe he already has some great suggestions.
>>
>> I just found http://developer.apple.com/internet/opensource/osdb.html,
>> which mentions using niutil to create a mysql user & group with ID
>> 401:
>>
>> sudo niutil -create / /groups/mysql
>> sudo niutil -createprop / /groups/mysql gid 401
>> sudo niutil -create / /users/mysql
>> sudo niutil -createprop / /users/mysql gid 401
>> sudo niutil -createprop / /users/mysql uid 401
>>
>> I tried this (with user & group name postgresql instead of mysql) and
>> it
>> seems to work. Although the new user & group names do not appear in
>> /etc/passwd and /etc/group, I can now su to postgresql:
>>
>> localhost:/ root# su postgresql
>> localhost:/ postgresql$ id
>> uid=401(postgresql) gid=401(postgresql) groups=401(postgresql)
>> localhost:/ postgresql$
>>
>> As long as nothing depends on /etc/passwd and /etc/group, this may be
>> the Right Thing to use as an osx/darwin alternative for enewuser and
>> enewgroup.
>>
>> --
>> Robin Munn
>> rmunn@pobox.com
>
>
> --
> gentoo-osx@gentoo.org mailing list
>
Re: Adding users/groups on OS X
On Sep 12, 2004, at 11:53 pm, rmunn@pobox.com wrote:

> sudo niutil -create / /groups/mysql
> sudo niutil -createprop / /groups/mysql gid 401
> sudo niutil -create / /users/mysql
> sudo niutil -createprop / /users/mysql gid 401
> sudo niutil -createprop / /users/mysql uid 401
> ...
> As long as nothing depends on /etc/passwd and /etc/group, this may be
> the Right Thing to use as an osx/darwin alternative for enewuser and
> enewgroup.

Sorry to take a couple of days to notice this, but it shouldn't be an
*alternative* to enewuser and enewgroup, but should be called *by*
them.

Until a few months ago it was not uncommon for ebuilds to call
`adduser`, which was clearly fine whilst those ebuilds were only to be
expected to run under Linux. This is the dried-grape de etre of
enewuser and enewgroup:
enewuser() {
    # Pick the platform's native account tool so ebuilds need not care
    if [ "$(uname)" = "Linux" ]; then adduser foo
    elif [ "$(uname)" = "Darwin" ]; then
        niutil -create / /users/mysql
        niutil -createprop / /users/mysql uid 401
    fi
}

Or something.

Stroller.
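
The Darwin branch discussed in this thread, as an added example that is not part of the original messages or of Gentoo's eutils: it plans the niutil calls for a new service account from `nidump passwd .` output, refusing malformed or already-existing names and giving the account the `*` password, `/var/empty` home and `/usr/bin/false` shell that the system accounts in the dump later in the thread carry. `plan_enewuser`, `next_free_id` and the sample dump are hypothetical; the starting ID 401 is the one from the Apple article quoted above, and the commands are printed rather than run so the plan can be reviewed first.

```bash
# Constructed sample in `nidump passwd .` format (not taken from a real host).
SAMPLE_NIDUMP='root:********:0:0::0:0:System Administrator:/var/root:/bin/sh
www:*:70:70::0:0:World Wide Web Server:/Library/WebServer:/usr/bin/false
mysql:*:74:74::0:0:MySQL Server:/var/empty:/usr/bin/false
svc401:*:401:401::0:0:Constructed account:/var/empty:/usr/bin/false
bob:********:501:501::0:0:Bob:/Users/bob:/bin/bash'

# next_free_id START DUMP
# Lowest id >= START that is used neither as a uid nor as a gid in DUMP,
# so the new user and its private group can share one number.
next_free_id() {
    local id=$1 used
    used=$(printf '%s\n' "$2" | awk -F: '{print $3; print $4}')
    while printf '%s\n' "$used" | grep -qx -- "$id"; do
        id=$((id + 1))
    done
    echo "$id"
}

# plan_enewuser NAME DUMP
# Prints the niutil commands for a locked-down account NAME.
# Returns 2 for an unsafe name, 1 if NAME already exists in DUMP.
plan_enewuser() {
    local name=$1 dump=$2 id
    # The name becomes part of a NetInfo directory path: allow only
    # lowercase letters, digits and underscore (no "/" or "..").
    case $name in
        ''|*[!a-z0-9_]*) echo "invalid name: $name" >&2; return 2 ;;
    esac
    # Never touch an account the OS or another package already owns.
    if printf '%s\n' "$dump" | grep -q "^$name:"; then
        echo "user exists: $name" >&2; return 1
    fi
    id=$(next_free_id 401 "$dump")
    # passwd '*' = no valid password; the shell and home deny interactive use.
    cat <<EOF
niutil -create / /groups/$name
niutil -createprop / /groups/$name gid $id
niutil -createprop / /groups/$name passwd '*'
niutil -create / /users/$name
niutil -createprop / /users/$name uid $id
niutil -createprop / /users/$name gid $id
niutil -createprop / /users/$name passwd '*'
niutil -createprop / /users/$name home /var/empty
niutil -createprop / /users/$name shell /usr/bin/false
EOF
}
```

On a real Panther host the second argument would be the output of `nidump passwd .`, and the printed plan would be run as root after review.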


Re: Adding users/groups on OS X
On Sep 14, 2004, at 04:21 AM, Cap'n Hector wrote:

> NetInfo IGNORES /etc/passwd and /etc/group.

Correct.

> All OS level user/group management is done via NetInfo

Incorrect (provided that neither my knowledge nor Apple's man pages are
out of date).

As someone else mentioned, user and group management is handled by
"lookupd", which relies on more than just NetInfo:

(from 'man lookupd')
> Internally, lookupd uses a set of software ``agents'' to get information.
> There are agents for NetInfo, NIS, DNS, the files in /etc (also known as
> the ``Flat Files'' ), Directory Services, and an agent which manages the
> internal cache. There is also a special agent (the NILAgent) which
> returns negative entries.

/etc/passwd and /etc/group are not being ignored; they are merely not a
priority to search.

--
Sören 'Chucker' Kuklau

Re: Adding users/groups on OS X
$ cat /etc/passwd
##
# User Database
#
# Note that this file is consulted when the system is running in single-user
# mode. At other times this information is handled by one or more of:
# lookupd DirectoryServices
# By default, lookupd gets information from NetInfo, so this file will
# not be consulted unless you have changed lookupd's configuration.
# This file is used while in single user mode.
#
# To use this file for normal authentication, you may enable it with
# /Applications/Utilities/Directory Access.
##
nobody:*:-2:-2:Unprivileged User:/:/usr/bin/false
root:*:0:0:System Administrator:/var/root:/bin/sh
daemon:*:1:1:System Services:/var/root:/usr/bin/false
smmsp:*:25:25:Sendmail User:/private/etc/mail:/usr/bin/false
lp:*:26:26:Printing Services:/var/spool/cups:/usr/bin/false
postfix:*:27:27:Postfix User:/var/spool/postfix:/usr/bin/false
www:*:70:70:World Wide Web Server:/Library/WebServer:/usr/bin/false
eppc:*:71:71:Apple Events User:/var/empty:/usr/bin/false
mysql:*:74:74:MySQL Server:/var/empty:/usr/bin/false
sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false
qtss:*:76:76:QuickTime Streaming Server:/var/empty:/usr/bin/false
cyrus:*:77:6:Cyrus User:/var/imap:/usr/bin/false
mailman:*:78:78:Mailman user:/var/empty:/usr/bin/false
appserver:*:79:79:Application Server:/var/empty:/usr/bin/false
unknown:*:99:99:Unknown User:/var/empty:/usr/bin/false
$ nidump passwd .
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:********:0:0::0:0:System Administrator:/var/root:/bin/sh
daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
unknown:*:99:99::0:0:Unknown User:/var/empty:/usr/bin/false
smmsp:*:25:25::0:0:Sendmail User:/private/etc/mail:/usr/bin/false
lp:*:26:26::0:0:Printing Services:/var/spool/cups:/usr/bin/false
postfix:*:27:27::0:0:Postfix User:/var/spool/postfix:/usr/bin/false
www:*:70:70::0:0:World Wide Web Server:/Library/WebServer:/usr/bin/false
eppc:*:71:71::0:0:Apple Events User:/var/empty:/usr/bin/false
mysql:*:74:74::0:0:MySQL Server:/var/empty:/usr/bin/false
sshd:*:75:75::0:0:sshd Privilege separation:/var/empty:/usr/bin/false
qtss:*:76:76::0:0:QuickTime Streaming Server:/var/empty:/usr/bin/false
cyrus:*:77:6::0:0:Cyrus User:/var/imap:/usr/bin/false
mailman:*:78:78::0:0:Mailman user:/var/empty:/usr/bin/false
appserver:*:79:79::0:0:Application Server:/var/empty:/usr/bin/false
bob:********:501:501::0:0:Bob:/Users/bob:/bin/bash
cvs:********:502:20::0:0:cvs:/Users/cvs:/bin/tcsh
mat:********:1000:1000::::mat:/Users/mat:/bin/bash
jem:********:1001:1000::::jem:/Users/cvs:/bin/bash
paul:********:1002:20::0:0:paul:/Users/paul:/bin/tcsh

Note that the /etc/passwd doesn't have the entries for the users on
this computer.

From the lookupd man page:

By default, lookupd first queries its cache agent, then NetInfo, then
the Directory Services agent.

Standard, out-of-box OS X configuration has lookupd not using the flat
files. They are disabled by default in
/Applications/Utilities/Directory\ Access.app and need to be manually
configured to use the flat files.

Or, as /etc/passwd says:

# By default, lookupd gets information from NetInfo, so this file will
# not be consulted unless you have changed lookupd's configuration.
# This file is used while in single user mode.
#
# To use this file for normal authentication, you may enable it with
# /Applications/Utilities/Directory Access.

Cap'n Hector (Sorry for top-post, beta-testing)

On Sep 16, 2004, at 4:44 AM, Sören Kuklau wrote:

> Incorrect (provided that neither my knowledge nor Apple's man pages
> are out of date).
>
> As someone else mentioned, user and group management is handled by
> "lookupd", which relies on more than just NetInfo:
