Ticket #8583 (closed Feature Request: fixed)

Opened 6 years ago

Last modified 4 years ago

make_plone_user.sh on Mac OS X and VPN MPPE Key Access User with UID and/or GID 57

Reported by: grahamperrin
Owned by: smcmahon
Priority: major
Milestone: 3.3
Component: Installers
Version:
Keywords: dscl
Cc:

Description

I can't easily reproduce the origin(s) of this situation, but its after effect is noticeable so here goes:

Opening summary

Users of Mac OS X, maybe not limited to Mac OS X Server, may find that UID and/or GID 57 associated with VPN MPPE Key Access User is also used by UID and GID 57 for zeo.

Likelihood

I'm inclined to say rare but I have seen the symptoms on at least two Mac OS X installations, one of which is not the Server variety, so until we can figure out the situation that leads to the symptoms, likelihood shouldn't be guessed.

Environments

and some or all of:

  • Mac OS X Server 10.3.9 upgraded to 10.5.0 then progressively to 10.5.5
  • Mac OS X Server 10.4.11
  • Mac OS X 10.4.11 (not Server) upgraded to 10.5.0 then progressively to 10.5.5 with Server Admin Tools upgraded to 10.5.5.

Wild guesses

  1. Is there anything about the new/experimental approach to ZEO cluster installations, which introduces the additional user zeo alongside user plone, that could account for this?
  2. Might the /usr/sbin/vpnaddkeyagentuser binary and/or a related command/binary fail to respect a Plone/ZEO-related presence of UID and/or GID 57?
  3. Might an Apple OS installation/upgrade fail to respect a Plone/ZEO-related presence of UID and/or GID 57?

Observations

  1. On my MacBook Pro running Mac OS X 10.5.5, users and groups relating to plone and zeo may be deleted, leaving (in Workgroup Manager) no entries for UID 57 or GID 57, but then when Plone is re-installed I find that GID 57 again comprises both zeo _and_ VPN MPPE Key Access User.
  2. Early experimental commands with the vpnaddkeyagentuser binary on Mac OS X Server 10.4.11 and (copied to) Mac OS X 10.5.5 have not created the expected user/group.

Background/incidental

Issue/symptoms with UID and GID 57 noted during follow-up troubleshooting to ticket:8582, where I noted an issue with GID 50.

References

http://dev.plone.org/plone/browser/Installers/UnifiedInstaller/trunk/helper_scripts/make_plone_user.sh

man page for vpnaddkeyagentuser -- utility to add a keyagent user to a directory node for VPN PPTP server

a blog entry demonstrating real-world use of vpnaddkeyagentuser

A post to Mac OS X Server Mailing List describing user VPN MPPE Key Access User with UID 57 as a standard system account

Mac OS X Server Command-Line Administration For Version 10.5 Leopard inspiring useful command constructs such as

dscl /Local/Default -list /Users UniqueID | awk '{print $2}' | sort -n
dscl /Local/Default -list /Groups PrimaryGroupID | awk '{print $2}' | sort -n

Apple Server Admin Tools 10.5.5

  • the most recent installer package provides (amongst other things) Apple Workgroup Manager, useful for managing users and groups with or without Mac OS X Server

— for example, Workgroup Manager | Server menu | Connect… | Address: localhost

  • users of some prior versions of these tools and utilities may not necessarily gain the update to 10.5.5 through Apple Software Update… routine.

Feature request

Maybe, tweak Plone's make_plone_user.sh to avoid UID and GID 57 and 50 (more on 50 in due course) until the symptoms here can be explained.

Note that I'm not assuming a bug in Plone or its installers :) — there may be issues with Apple-related commands/installations.

Attachments

deleting both UID and GID 57 for zeo does not guarantee a clean GID 57 following re-installation of Plone.png (118.8 KB) - added by grahamperrin 6 years ago.
Screen shot of Workgroup Manager supporting my observation 1 in ticket:8583 focused on UID/GID 57
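
Added example, not part of the ticket and not code from make_plone_user.sh: one way an installer helper could detect an ID claimed by more than one record and choose an ID that is unused as both a UID and a GID while skipping the values the feature request wants avoided (50 and 57). The function names, the record name vpn_keyagent and the sample listings are constructed for illustration; on a real system the listings would come from the two dscl -list commands quoted above, without the awk and sort stages.

```shell
#!/bin/sh
# Added example. Listings are "recordname id" lines, the shape printed by
#   dscl ... -list /Users UniqueID   and   dscl ... -list /Groups PrimaryGroupID
# Both samples are constructed; vpn_keyagent is a hypothetical record name.

SAMPLE_USERS='root 0
daemon 1
vpn_keyagent 57
plone 58
_www 70'

SAMPLE_GROUPS='wheel 0
daemon 1
zeo 57
vpn_keyagent 57
_www 70'

# ids_shared LISTING
# Print "id: name name ..." for every ID held by more than one record.
# The ID is taken from the last field so record names may contain spaces.
ids_shared() {
    printf '%s\n' "$1" | awk '
        NF >= 2 { count[$NF]++; names[$NF] = names[$NF] " " $1 }
        END { for (id in count) if (count[id] > 1) print id ":" names[id] }
    ' | sort -n
}

# first_free_id USERS GROUPS START END [RESERVED_ID ...]
# Print the lowest ID in START..END that is neither a UID nor a GID nor
# reserved. Returns 1 and prints nothing if the range is exhausted.
first_free_id() {
    cand=$3
    last=$4
    taken=$(printf '%s\n%s\n' "$1" "$2" | awk 'NF >= 2 { print $NF }')
    shift 4
    taken=$(printf '%s\n' "$taken" "$@")
    while [ "$cand" -le "$last" ]; do
        if ! printf '%s\n' "$taken" | grep -qx "$cand"; then
            printf '%s\n' "$cand"
            return 0
        fi
        cand=$((cand + 1))
    done
    return 1
}
```

Checking users and groups together matters here because the installer wants the same number for the account's UID and GID; an ID that is free in /Users can still be occupied in /Groups, which is the situation in observation 1.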

Change History

comment:1 Changed 6 years ago by grahamperrin

  • Cc kleist added

comment:2 Changed 6 years ago by kleist

  • Cc kleist removed

comment:3 Changed 6 years ago by smcmahon

  • Priority changed from trivial to major
  • Status changed from new to closed
  • Resolution set to fixed

There was a bug in the user id code for Leopard. That should be fixed in the current Unified Installer and OS X installer.

Thanks!

comment:4 Changed 6 years ago by grahamperrin

@smcmahon

  1. Thanks!
  2. For the benefit of other readers, is the fix present in both Plone-3.1.6-UnifiedInstaller and experimental Plone-3.1.6-ex-UnifiedInstaller?
  3. Sometime please ping me in <irc://irc.freenode.net/#plone> or Jabber grahamperrin@… to discuss a possibly related aspect…

comment:5 Changed 6 years ago by smcmahon

Good question. This change is in the 3.1ex branches and trunk (3.2.x). The OS X binary installer is built on the 3.1ex branch.

comment:6 Changed 5 years ago by hannosch

  • Milestone changed from 3.x to 3.3

comment:7 Changed 5 years ago by hannosch

  • Component changed from Installer (Unified) to Installers

comment:8 Changed 4 years ago by grahamperrin

  • Keywords dscl added

Without re-opening this ticket:
