Opened 4 years ago

Closed 2 years ago

#61626 closed defect (invalid)

Bad user for unbound

Reported by: ArtKoKo Owned by: nerdling (Jeremy Lavergne)
Priority: Normal Milestone:
Component: ports Version: 2.6.4
Keywords: Cc:
Port: unbound

Description

The user for unbound is ... unbound instead of _unbound with an ID less than 500.

So there is confusion with a standard Mac OS X user

I fix it with :

sudo dscl . -change /Users/unbound RecordName unbound _unbound && sudo dscl . -change /Groups/unbound RecordName unbound _unbound
sudo dscl . -change /Users/_unbound UniqueID 503 105 && sudo dscl . -change /Groups/_unbound PrimaryGroupID 502 105
sudo dscl . -delete /Users/unbound

I change the wrapper in line 16 :

	(/opt/local/sbin/unbound-anchor -a /opt/local/etc/unbound/root.key 2>&1) || : && (chown unbound:unbound /opt/local/etc/unbound/root.key 2>&1) && (/opt/local/sbin/unbound 2>&1)

with :

	(/opt/local/sbin/unbound-anchor -a /opt/local/etc/unbound/root.key 2>&1) || : && (chown _unbound:_unbound /opt/local/etc/unbound/root.key 2>&1) && (/opt/local/sbin/unbound 2>&1)

Change History (6)

comment:1 Changed 4 years ago by nerdling (Jeremy Lavergne)

MacPorts' add_users functions works off the highest used UID over 500. It also defaults to no shell and other settings to prevent it from appearing in the user list.

UIDs < 500 are reserved for Apple's use.

Is this on Big Sur?

Last edited 4 years ago by nerdling (Jeremy Lavergne) (previous) (diff)

comment:2 Changed 4 years ago by ArtKoKo

No, it's on Mojave The other mac ports use UIDs less than 500 and use name begin with _
Ex : mariadb _mysql, apache _www, dovecot _dovecot, postfix _postfix, postgres _postgres, etc.
Effectively _unbound do not exist natively but it make sens to add this user.
The user unbound appear in login screen and in system preferences > users and groups
I think because I use password policy https://github.com/svanzoest/pwpolicy
pwpolicy apply the rules for user greater than 500...

Last edited 4 years ago by ArtKoKo (previous) (diff)

comment:3 Changed 4 years ago by nerdling (Jeremy Lavergne)

It's interesting that apache was cited: the apache Portfile doesn't appear to create any users. It would seem the users you're citing are actually created by Apple and not from MacPorts—especially since MacPorts only creates users with UIDs over 500.

It's starting to sound like the "pwpolicy" tool alone has caused this problem by bad assumptions.

comment:4 Changed 4 years ago by ArtKoKo

Ok. Is it possible to automatically run a patch after unbound upgrade ?

I was not found in the documentation that relates a post shell script...

comment:5 Changed 4 years ago by neverpanic (Clemens Lang)

You can switch to obtaining your ports tree from GitHub as a git checkout. MacPorts will then use git fetch && git rebase --autostash origin/master to update, which should preserve your local modifications.

You'll have to spend some CPU cycles to locally generate the PortIndex, but after the initial generation which can take a while, this isn't a big deal.

comment:6 Changed 2 years ago by nerdling (Jeremy Lavergne)

Resolution: invalid
Status: assignedclosed
Note: See TracTickets for help on using tickets.