Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Refactor the script #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 38 commits into from
Jul 18, 2023
Merged

Refactor the script #6

merged 38 commits into from
Jul 18, 2023

Conversation

dak180
Copy link
Member

@dak180 dak180 commented Jan 22, 2023
edited
Loading

Switch to bash (was already using bashisms)
Update syntax.
Fix shellcheck warnings.

Tarball for testing (see fink/fink-distributions#1031 for updated info files).

@dak180
First pass.
a44027f 
Switch to bash (was already using bashisms)
Update syntax.
Fix shellcheck warnings.
@dak180 dak180 self-assigned this Jan 22, 2023
@dak180 dak180 marked this pull request as ready for review February 14, 2023 19:51
@dak180 dak180 requested a review from TheSin- February 14, 2023 19:52
@dak180 dak180 requested a review from nieder February 14, 2023 20:57
@dak180 dak180 requested a review from a team February 22, 2023 05:42
@dak180
Copy link
Member Author

dak180 commented May 2, 2023

@fink/fink-developers the primary things to to test are that reboots are not required to use the newly created user with chown and that the users do not show up in the fast user switching menu. You should be able to make install from the repo and then just use it from the command line to test; the Directory Utility app can be used to inspect the resulting users.

dak180 added a commit to dak180/fink-dists that referenced this pull request May 29, 2023
@dak180
Update the main passwd package.
ed07c4c 
Version info is a placeholder for now.

See fink/passwd#6.
@dak180 dak180 mentioned this pull request May 29, 2023
Open
1 task
@dak180
Copy link
Member Author

dak180 commented Jul 13, 2023

@TheSin- it is walking through 600-699 looking for an unused GID as indicated by no output from dscacheutil -q group -a gid ${testUid} 2> /dev/null

@TheSin-
Copy link
Member

TheSin- commented Jul 13, 2023 

~ % id 600                     
uid=600(fink-bld) gid=20(staff) groups=20(staff),600(fink-bld),12(everyone),61(localaccounts),701(com.apple.sharepoint.group.1),98(_lpadmin),100(_lpoperator)
~ % id 601
id: 601: no such user

@TheSin-
Copy link
Member

TheSin- commented Jul 13, 2023

must not be walking right?

~ % dscacheutil -q group -a gid 600; echo $?
name: fink-bld
password: *
gid: 600
users: fink-bld 

0
~ % dscacheutil -q group -a gid 601; echo $?
0

@TheSin-
Copy link
Member

TheSin- commented Jul 13, 2023

Changed line 171 to use testGid instead of testUid and this is the output with -x

Unpacking passwd-redis (20230529-1) over (20230529-1) ...
Setting up passwd-redis (20230529-1) ...
+ prefixPath=/opt/sw
++ uname -r
++ cut -d. -f1
+ DarwinVersion=22
+ sysadminctlVersion=17
+ '[' 22 -ge 17 ']'
+ sysadminctlVersionRun=1
+ UPVERSION=
+ getopts :n:g:h:s:i:m:V OPTION
+ case "${OPTION}" in
+ SHORTNAME=redis
+ getopts :n:g:h:s:i:m:V OPTION
+ case "${OPTION}" in
+ INFO='Redis Key-Value Store Server'
+ getopts :n:g:h:s:i:m:V OPTION
+ case "${OPTION}" in
+ HOME=/opt/sw/var/db/redis
+ getopts :n:g:h:s:i:m:V OPTION
+ case "${OPTION}" in
+ GROUPNAME=redis
+ getopts :n:g:h:s:i:m:V OPTION
+ case "${OPTION}" in
+ MEMBERS=redis
+ getopts :n:g:h:s:i:m:V OPTION
+ PATH=/opt/sw/sbin:/opt/sw/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/X11/bin:/opt/X11/bin:/opt/sw/sbin:/opt/sw/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/X11/bin:/opt/X11/bin:/opt/sw/bin:/opt/sw/sbin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/X11/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/usr/local/sbin:/usr/local/bin
+ commands=(dscl dscacheutil defaults id sed grep cut tr tee)
+ '[' 1 = 1 ']'
+ commands+=(sysadminctl dseditgroup)
+ for command in '"${commands[@]}"'
+ type dscl
+ for command in '"${commands[@]}"'
+ type dscacheutil
+ for command in '"${commands[@]}"'
+ type defaults
+ for command in '"${commands[@]}"'
+ type id
+ for command in '"${commands[@]}"'
+ type sed
+ for command in '"${commands[@]}"'
+ type grep
+ for command in '"${commands[@]}"'
+ type cut
+ for command in '"${commands[@]}"'
+ type tr
+ for command in '"${commands[@]}"'
+ type tee
+ for command in '"${commands[@]}"'
+ type sysadminctl
+ for command in '"${commands[@]}"'
+ type dseditgroup
++ /usr/bin/id -u
+ '[' 0 -ne 0 ']'
+ '[' '!' -z redis ']'
+ opMode=user
+ : /opt/sw/var/db/redis
+ : /usr/bin/false
+ '[' -z 'Redis Key-Value Store Server' ']'
+ '[' -z redis ']'
+ '[' -z redis ']'
++ grep '^AutoUid:' /opt/sw/etc/passwd.conf
++ sed -e 's:[[:blank:]]\{1,\}: :g'
++ cut -d ' ' -f 2
+ '[' true = true ']'
++ grep '^AutoUidMin:' /opt/sw/etc/passwd.conf
++ sed -e 's:[[:blank:]]\{1,\}: :g'
++ cut -d ' ' -f 2
+ uidMin=600
++ grep '^AutoUidMax:' /opt/sw/etc/passwd.conf
++ sed -e 's:[[:blank:]]\{1,\}: :g'
++ cut -d ' ' -f 2
+ uidMax=699
+ echo 'Checking to see if the group redis exists:'
Checking to see if the group redis exists:
++ dscacheutil -q group -a name redis
+ '[' '!' -z '' ']'
++ dscacheutil -q group -a name _redis
+ '[' '!' -z '' ']'
++ gidNumber redis
++ local groupname=redis
++ local _gid
++ '[' '!' -z '' ']'
++ '[' '!' -z 600 ']'
++ local testGid=600
++ '[' 600 -le 699 ']'
+++ dscacheutil -q group -a gid 600
++ '[' '!' -z 'name: fink-bld
password: *
gid: 600
users: fink-bld ' ']'
++ testGid=601
++ '[' 601 -le 699 ']'
+++ dscacheutil -q group -a gid 601
++ '[' '!' -z '' ']'
++ _gid=601
++ break
++ '[' -z 601 ']'
+++ dscacheutil -q group -a gid 601
++ '[' '!' -z '' ']'
++ echo 601
+ gidNumber=601
+ '[' 1 = 1 ']'
+ dseditgroupGroup redis 601 redis
+ local groupname=redis
+ local gid=601
+ local groupmembership=redis
+ dseditgroup create -i 601 redis
Group not found.
+ dscl . create /groups/redis passwd '*'
+ dscl . create /groups/redis GroupMembership redis
+ dscl . create /groups/redis IsHidden 1
+ '[' user = user ']'
+ echo 'Checking to see if the user redis exists:'
Checking to see if the user redis exists:
+ '[' user = user ']'
++ dscacheutil -q user -a name redis
+ '[' '!' -z '' ']'
+ '[' user = user ']'
++ dscacheutil -q user -a name _redis
+ '[' '!' -z '' ']'
+ '[' user = user ']'
+ echo 'redis does not exist; creating...'
redis does not exist; creating...
+ : 601
+ '[' 1 = 1 ']'
++ uidNumber redis
++ local name=redis
++ local _uid
++ '[' '!' -z '' ']'
++ '[' '!' -z 600 ']'
++ local testUid=600
++ '[' 600 -le 699 ']'
++ /usr/bin/id -u 600 2
++ testUid=601
++ '[' 601 -le 699 ']'
++ /usr/bin/id -u 601 2
++ _uid=601
++ break
++ '[' -z 601 ']'
++ /usr/bin/id -u 601 2
++ echo 601
+ sysadminctlUser redis 601 601 /opt/sw/var/db/redis /usr/bin/false 'Redis Key-Value Store Server'
+ local name=redis
+ local uid=601
+ local gid=601
+ local home=/opt/sw/var/db/redis
+ local shell=/usr/bin/false
+ local 'info=Redis Key-Value Store Server'
+ sysadminctl -addUser redis -fullName 'Redis Key-Value Store Server' -password '*' -hint '' -UID 601 -GID 601 -home /opt/sw/var/db/redis -shell /usr/bin/false -roleAccount
2023-07-13 10:07:56.489 sysadminctl[15628:79282] User named 'redis' already exists.
+ dscl . create /users/redis IsHidden 1
+ dscl . delete /users/redis AuthenticationAuthority
+ defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add redis
+ id redis
id: redis: no such user
+ /usr/bin/killall DirectoryService
+ /usr/bin/killall opendirectoryd

@TheSin-
Copy link
Member

TheSin- commented Jul 15, 2023

With the latest changes

Setting up passwd-redis (20230529-1) ...
Checking to see if the group redis exists:
Create called on existing record - do you want to overwrite, y or n : y

Checking to see if the user redis exists:
redis does not exist; creating...
2023-07-15 11:04:27.610 sysadminctl[56726:330808] User named 'redis' already exists.
id: redis: no such user

Setting up passwd-redis (20230529-1) ...
Checking to see if the group redis exists:
redis exists.
Checking to see if the user redis exists:
redis does not exist; creating...
2023-07-15 11:05:05.226 sysadminctl[56863:331750] User named 'redis' already exists.
id: redis: no such user

so group looks good now! But user still failing.

@dak180
Copy link
Member Author

dak180 commented Jul 16, 2023

@TheSin- glad to hear that group is working. For the user stuff did you check in the Directory Utility app to see if there is any partially created users that it running into (id is not reliable for doing this)?

@TheSin-
Copy link
Member

TheSin- commented Jul 16, 2023

Screenshot 2023-07-16 at 12 07 04 PM Screenshot 2023-07-16 at 12 07 16 PM

@TheSin-
Copy link
Member

TheSin- commented Jul 16, 2023
edited
Loading

so looks like there is a user even then id says no ?

just no id for it.

@TheSin-
Copy link
Member

TheSin- commented Jul 16, 2023
edited
Loading

deleted the user in Directory Utility and then re ran the install, now it's partially added again with no ID like before

Setting up passwd-redis (20230529-1) ...
Checking to see if the group redis exists:
redis exists.
Checking to see if the user redis exists:
redis does not exist; creating...
2023-07-16 12:09:03.225 sysadminctl[59828:578275] ----------------------------
2023-07-16 12:09:03.226 sysadminctl[59828:578275] No clear text password or interactive option was specified (adduser, change/reset password will not allow user to use FDE) !
2023-07-16 12:09:03.226 sysadminctl[59828:578275] ----------------------------
2023-07-16 12:09:03.233 sysadminctl[59828:578275] New account password error.  (5402)
id: redis: no such user

@dak180
Copy link
Member Author

dak180 commented Jul 16, 2023

@TheSin- try changing the id range in the config file to between 200 and 400.

dak180 added 5 commits July 16, 2023 20:18
@dak180
Role Accounts require an id in the range 200-400 and a name starting …
65d757c 
…with _.

This is more strictly enforced in later versions of macos.
@dak180
Use dsimport for user creation.
48a4a08 
dsimport has less usage restrictions but is easier to shoot yourself in the foot with.
@dak180
Add quotes.
0418d35
@dak180
Clean up user visible output.
45acfcd
@dak180
Conform to package versioning.
70125b0
@TheSin-
Copy link
Member

TheSin- commented Jul 17, 2023

With the current changes

Setting up passwd-redis (20230529-1) ...
Checking to see if the group redis exists:
redis exists.
Checking to see if the user redis exists:
redis does not exist; creating...
redis
name: redis
password: *
uid: 601
gid: 601
dir: /opt/sw/var/db/redis
shell: /usr/bin/false
gecos: Redis Key-Value Store Server

% id -u redis
601

% id -g redis
601

Setting up passwd-postgres (20230529-1) ...
Checking to see if the group postgres exists:
postgres exists.
Checking to see if the user postgres exists:
postgres exists.

@TheSin-
Copy link
Member

TheSin- commented Jul 18, 2023

I'm not sure the group is getting set right? I'd assume the primary group for Redis would be Redis

% mkdir blah                    
% sudo chown redis: blah
% ls -lad blah                  
drwxr-xr-x  2 redis  staff  64 18 Jul 07:33 blah

But I was able to use it without a reboot, I'm going to try and build and install Redis now to make sure.

@TheSin-
Copy link
Member

TheSin- commented Jul 18, 2023

According to Directory Utility Redis's primaryGroupID is 601 so odd chown redis: doesn't do redis:redis. But it seems right just odd behaviour from chown I think.

redis built and installed without a reboot!!!

I do not see new users in the fast switching menu, I'm going to reboot now to make sure.

Was there anything else to test?

@dak180
Copy link
Member Author

dak180 commented Jul 18, 2023

I'm not sure the group is getting set right?

I would assume that since you (as a normal user) ran mkdir that is where staff got set and since you did not specify a change of group, it stayed the same.

TheSin-
TheSin- approved these changes Jul 18, 2023
View reviewed changes
Copy link
Member

@TheSin- TheSin- left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tested and looking perfect to me.

This is very important for 10.13+ and should be adopted immediately IMHO. We should also use this code during bootstrapping for fink-bld.

@TheSin-
Copy link
Member

TheSin- commented Jul 18, 2023

I'm not sure the group is getting set right?

I would assume that since you (as a normal user) ran mkdir that is where staff got set and since you did not specify a change of group, it stayed the same.

then that is my own ignorance with chown, I thought : defaulted to the user group for chown not the current console user. Makes sense though. So that's on me and things are working 100%

@dak180 dak180 merged commit b725c0d into fink:master Jul 18, 2023
@dak180 dak180 mentioned this pull request Aug 4, 2023
Open
@dak180 dak180 deleted the topic/refactor branch August 9, 2023 23:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TheSin- TheSin- TheSin- approved these changes

@nieder nieder Awaiting requested review from nieder

Assignees

@dak180 dak180

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Users Are Listed In The Fast User Switch Drop Down You Need To Reboot After A User Is Added Before Using Chown On It

2 participants

@dak180 @TheSin-