Hello Jordan, et al: Today I was reading my documentation for running a separate OpenLDAP daemon on an Xserve running Leopard Server. I installed the openldap MacPort (which is based on OpenLDAP version 2.3.35) and I was somewhat surprised that the installation created a user with short name "ldap" and a UID of 500 (with a group short name of "ldap" and a gid of 502). The reason this surprised me is that Apple ships with Leopard Server a compilation instance of OpenLDAP 2.3.27 which is of course the basis for OpenDirectory, and which slapd daemon is run by root apparently at boot time (I presume there is a launchd plist for this but I haven't looked yet). Now, therefore, considering the logic of using underscores as prefixes to avoid namespace collisions since the founders of Unix didn't consider this to be a problem in the 1970s / 1980s, and considering the examples of uids and gids whose corresponding short names that reside in the local domain directory that Apple ships with Leopard Server are, in examples: _postfix _postdrop _guest _xgridagent _spotlight _mysql _svn _www _jabber _sshd and the list goes on ... Why oh why do I not see (when I search the local directory domain of my Leopard Server 10.5.1 instance using WorkgGroup Manager to search on names with underscores in them): _ldap ??? Am I out of my mind that the ommission of "_ldap" is illogical and without basis and is inconsistent with the namespace issue that has been raised herein this discussoin thread thus far? Would it not be possible, for example, for a person to accidentally choose a short user name of "ldap" just as they might also accidentally do so with a name such as "postfix"? Why does life have to be so complicated -- meaning, why do humans create their own unnecessary complexity? We have too many rules we have to remember. Where oh where is my missing friend in Leopard's local directory domain named, "_ldap"? Thus as a result, the openldap MacPort created a separate user account named "ldap". Ugh! Thanks, T.M. On 1/5/08, Tabitha McNerney <tabithamc@gmail.com> wrote:
On 1/4/08, Jordan K. Hubbard <jkh@apple.com> wrote:
This is because the original designers of Unix neglected to take into account the notion of user namespaces - the namespace is flat. That means that system or role specific names can conflict with names that users would like to use for themselves ( c.f. "admin" or "operator") unless you adopt a convention for keeping them separate. That convention is the prefix underscore.
- Jordan
Jordan,
Thank you very much. Makes perfect sense. Its hard to find fault with the original designers of Unix (they probably never would have guessed, decades later, that individuals in the comfort of their own homes would run Unix on a machine that sits in their lap)!
Best,
T.M.
On Jan 4, 2008, at 5:29 PM, Tabitha McNerney wrote:
Hello all --
I just installed the current version of the Postfix port (version 2.4.6) on a Leopard Server system.
After the install, I noticed a username and group name of "_postfix" and "_postdrop" respectively, as in: drwx--x--- 2 _postfix _postdrop 102 Jan 4 23:06 public/ drwx-wx--- 2 _postfix _postdrop 102 Jan 4 23:06 maildrop/ This differs from previous Postfix port installations (UID 27 was "postfix" not "_postfix"). This isn't really a MacPorts specific issue but I'm wondering if anyone knows why Apple changed their naming schema on Leopard, for short names such as:
from "postfix" to "_postfix"
?
I wonder if this has something to do with becoming fully UNIX compliant? POSIX?
Mr. Jordan Hubbard, can you offer some wisdom and perspective on this subject?
Thank you,
T.M.