Underscores in some directory user,
group names (Postfix MacPort example)
Tabitha McNerney
tabithamc at gmail.com
Thu Jan 17 06:14:29 PST 2008
Hello Jordan and/or anyone else,
Sorry to be such a pest (I know that MacWorld is this week and so time is
probably limited for Apple) but I was wondering if my question was better
clarified the second time?
Thank you!
-T.M.
On 1/14/08, Tabitha McNerney <tabithamc at gmail.com> wrote:
>
>
>
> On 1/13/08, Jordan K. Hubbard <jkh at apple.com> wrote:
> >
> > I'm sorry, Tabitha, but I've read this message twice and I still have no
> > idea just what question it is you're actually asking here. :-)
> > - Jordan
> >
>
> Jordan, I'll try to rephrase my question to hopefully clarify:
>
> Why doesn't Apple include, in Mac OS X Server 10.5, a local directory
> entry of a user user named "_ldap"?
>
> A follow up question:
>
> What criteria did Apple use for selecting names, in the local directory
> domain of Mac OS X Server 10.5, which were eligible to receive an
> underscore prefix?
>
> What triggered my question was the MacPorts openldap installation on
> Leopard Server creates a local directory user named "ldap" but I half
> expected in Leopard to find a prexisting user named "_ldap" in the local
> directory (courtesy of Apple), considering some of the other underscored
> prefixed Unix user names that prexist courtesy of Apple as _postfix
>
> Thank you,
>
> T.M.
>
>
> On Jan 13, 2008, at 9:17 PM, Tabitha McNerney wrote:
> >
> > Hello Jordan, et al:
> >
> > Today I was reading my documentation for running a separate OpenLDAP
> > daemon on an Xserve running Leopard Server. I installed the openldap MacPort
> > (which is based on OpenLDAP version 2.3.35) and I was somewhat surprised
> > that the installation created a user with short name "ldap" and a UID of 500
> > (with a group short name of "ldap" and a gid of 502). The reason this
> > surprised me is that Apple ships with Leopard Server a compilation instance
> > of OpenLDAP 2.3.27 which is of course the basis for OpenDirectory, and
> > which slapd daemon is run by root apparently at boot time (I presume there
> > is a launchd plist for this but I haven't looked yet).
> >
> > Now, therefore, considering the logic of using underscores as prefixes
> > to avoid namespace collisions since the founders of Unix didn't consider
> > this to be a problem in the 1970s / 1980s, and considering the examples of
> > uids and gids whose corresponding short names that reside in the local
> > domain directory that Apple ships with Leopard Server are, in examples:
> >
> > _postfix
> > _postdrop
> > _guest
> > _xgridagent
> > _spotlight
> > _mysql
> > _svn
> > _www
> > _jabber
> > _sshd
> >
> > and the list goes on ...
> >
> > Why oh why do I not see (when I search the local directory domain of my
> > Leopard Server 10.5.1 instance using WorkgGroup Manager to search on
> > names with underscores in them):
> >
> > _ldap ???
> >
> > Am I out of my mind that the ommission of "_ldap" is illogical and
> > without basis and is inconsistent with the namespace issue that has been
> > raised herein this discussoin thread thus far? Would it not be possible, for
> > example, for a person to accidentally choose a short user name of "ldap"
> > just as they might also accidentally do so with a name such as "postfix"?
> > Why does life have to be so complicated -- meaning, why do humans create
> > their own unnecessary complexity? We have too many rules we have to
> > remember. Where oh where is my missing friend in Leopard's local directory
> > domain named, "_ldap"? Thus as a result, the openldap MacPort created a
> > separate user account named "ldap". Ugh!
> >
> > Thanks,
> >
> > T.M.
> >
> > On 1/5/08, Tabitha McNerney < tabithamc at gmail.com> wrote:
> > >
> > >
> > >
> > > On 1/4/08, Jordan K. Hubbard < jkh at apple.com> wrote:
> > > >
> > > > This is because the original designers of Unix neglected to take
> > > > into
> > > > account the notion of user namespaces - the namespace is flat. That
> > > > means that system or role specific names can conflict with names
> > > > that
> > > > users would like to use for themselves ( c.f. "admin" or "operator")
> > > > unless you adopt a convention for keeping them separate. That
> > > > convention is the prefix underscore.
> > > >
> > > > - Jordan
> > >
> > >
> > > Jordan,
> > >
> > > Thank you very much. Makes perfect sense. Its hard to find fault with
> > > the original designers of Unix (they probably never would have guessed,
> > > decades later, that individuals in the comfort of their own homes would run
> > > Unix on a machine that sits in their lap)!
> > >
> > > Best,
> > >
> > > T.M.
> > >
> > > On Jan 4, 2008, at 5:29 PM, Tabitha McNerney wrote:
> > > >
> > > > > Hello all --
> > > > >
> > > > > I just installed the current version of the Postfix port (version
> > > > > 2.4.6) on a Leopard Server system.
> > > > >
> > > > > After the install, I noticed a username and group name of
> > > > "_postfix"
> > > > > and "_postdrop" respectively, as in:
> > > > > drwx--x--- 2 _postfix _postdrop 102 Jan 4 23:06 public/
> > > > > drwx-wx--- 2 _postfix _postdrop 102 Jan 4 23:06 maildrop/
> > > > > This differs from previous Postfix port installations (UID 27 was
> > > > > "postfix" not "_postfix"). This isn't really a MacPorts specific
> > > > > issue but I'm wondering if anyone knows why Apple changed their
> > > > > naming schema on Leopard, for short names such as:
> > > > >
> > > > > from "postfix" to "_postfix"
> > > > >
> > > > > ?
> > > > >
> > > > > I wonder if this has something to do with becoming fully UNIX
> > > > > compliant? POSIX?
> > > > >
> > > > > Mr. Jordan Hubbard, can you offer some wisdom and perspective on
> > > > > this subject?
> > > > >
> > > > > Thank you,
> > > > >
> > > > > T.M.
> > > > >
> > > >
> > > >
> > >
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/macports-users/attachments/20080117/0aaa21ee/attachment-0001.html
More information about the macports-users
mailing list