
Consistent UIDs may solve file transfer issues Network
I have several machines that I routinely transfer files between. After a rebuild of a PowerBook, I was unable to upload files successfully (but I could download files without issue.) The error indicated that I did not have permissions to upload. I spent a lot of time looking at owner, group and other settings between the machines, all to no avail...

Then, I realized that in the rebuild of the PowerBook, I had created a "testuser" account first, and then constructed my usual user (we'll call it "user") account. This meant that testuser had a User ID (UID) of 501, and my user account had a UID of 502. This, apparently, was the root of my problem when transferring files between my PowerBook and all my other machines (all of which had a UID of 501 for my user accounts).

The solution, for me, was to use NetInfo Manager, found in /Applications -> Utilities:
  1. Logout as my usual user.
  2. Login using my "Administrator" account.
  3. Launch NetInfo Manager, and unlock it with my admin password.
  4. Select users, select "testuser" and change the value of the UID to 502.
  5. Select users, select my "user" account and change the UID to 501.
  6. Save the changes and quit.
Then, from the Terminal, recursively change the ownership of the contents of each of the account's Home directories to their newly assigned UIDs:
% cd /Users
% sudo chown -R testuser testuser
% sudo chown -R user user
After logging back in as "user," I have had no problems with network file exchanges between these various machines. It seems that keeping UIDs consistent between peers on a network may solve some annoyances!

[robg adds: I can't really test this one, so I'd welcome any comments on the subject of UID differences causing issues between machines on the same net...]

Consistent UIDs may solve file transfer issues
Authored by: i5m on Oct 26, '05 07:10:13AM

I can only confirm that it is important.

When my old imacG3 died I stuck the hard drive in a firewire case. When plugged into my powerbook the access rights to the /Users folders didn't match up with accounts on my powerbook.

Seems obvious afterwards, but you rarely come across UIDs in normal use.



[ Reply to This | # ]
Consistent UIDs may solve file transfer issues
Authored by: whoadoggy on Oct 26, '05 07:13:40AM

A related question (that may belong better in the forums) is that I find each new user is also given his/her own group ID (GID). This makes it harder to share folders among group members. Is there a good reason for this? Any way to change the default behavior? Is it better to change the GID to match the group you want to join or to add the member to the group?

Ultimately why would each user want a unique GID? Sorry if this isn't the best place for this question, but it is apropos.



[ Reply to This | # ]
Consistent UIDs may solve file transfer issues
Authored by: i5m on Oct 26, '05 08:26:11AM

I did try this by also adding all users to a new group. I think I used a piece of software called "Share points" for this. I had better luck with this than NetInfo.



[ Reply to This | # ]
Why UID=GID
Authored by: gshenaut on Oct 26, '05 12:27:50PM
This is an old UNIX debate, which has been won for the most part by the UID=GID faction.

The classic model is to have all users assigned to a default group, like "user" or whatever. This is simple, but it means that if you turn on group permissions to a resource, everyone in the "user" group (that is, everyone) has access to it. This is redundant, since there are "other" permissions for that purpose. Therefore, for protection, the umask is set in such a way (022) as to prevent everyone from having write access. However, this setting for umask makes it difficult to use the GID for resource sharing, because files must be created without group write permission.

The current model gives each user a unique GID matching the UID. Under this model, the umask should generally be set to 002, because enabling group write access by default does no harm, since each person has his own group. As a result, people can now create additional groups for specific purposes and assign users to them (typical examples are things like bin, web, lab, proj023, and so on). Since files inherit group ownership from the parent directory, then with a default umask of 002, you can set up group-specific directories in which members of the group can all read and write the files; it's very easy and works great.

Sometimes even when the UID=GID model is used, the umask is sometimes left as the default 022; this isn't a security problem, but it prevents the group file-sharing I just described. To take advantage of the possibilities in the UID=GID model, you need to run your shell's umask command at some point in the start-up. You should also use

defaults write -g NSUmask 2
so that non-shell commands do this correctly.

You can get more info about the user, group, other permissions with "man chmod", and read a bit about umask with "man 2 umask".

Greg Shenaut

[ Reply to This | # ]
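
The effect of the two umask values discussed in the comment above, as an added example that is not part of the original post. The helper names are made up for illustration, and the script only creates files inside a temporary directory.

```shell
#!/bin/sh
# Added example: how umask 022 and umask 002 decide whether a newly created
# file or directory is group-writable. Helper names are hypothetical.

# Create an empty file in directory $2 under umask $1 (in a subshell, so the
# caller's umask is untouched) and print its 10-character permission string.
mode_under_umask() {
    (
        umask "$1"
        f="$2/created-with-$1"
        : > "$f"
        ls -l "$f" | cut -c1-10
    )
}

# Same check for a newly created subdirectory.
dirmode_under_umask() {
    (
        umask "$1"
        mkdir "$2/dir-with-$1"
        ls -ld "$2/dir-with-$1" | cut -c1-10
    )
}

# Succeeds when the group write bit (6th character) is set in mode string $1.
group_writable() {
    case "$1" in
        ?????w????) return 0 ;;
        *) return 1 ;;
    esac
}

demo() {
    d=$(mktemp -d) || return 1
    for mask in 022 002; do
        m=$(mode_under_umask "$mask" "$d")
        if group_writable "$m"; then v="group can write"; else v="group read-only"; fi
        echo "umask $mask: file $m, dir $(dirmode_under_umask "$mask" "$d") ($v)"
    done
    rm -rf "$d"
}
demo
```

On Linux, new files take the creator's primary group unless the shared directory has the setgid bit set (`chmod g+s`), whereas on Mac OS X they take the directory's group as the comment describes.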

... and ACLs
Authored by: sjk on Oct 26, '05 10:47:00PM
Nice explanation of those issues. Some mention of how ACLs (new in 10.4) attempt to solve certain permission issues would be relevant but that's more for OS X Server than Client. "Grokking Darwin ACLs" is a good overview of that topic.

The UNIX permission system is near the top of my list of "legacy" components that are overdue for replacement. It was designed for handling relatively small numbers of non-networked files and users. It simply doesn't scale well with growth, obviously. ACLs may provide some temporary relief but they add a layer of complexity and new issues while avoiding the real underlying problems.

[ Reply to This | # ]
Consistent UIDs may solve file transfer issues
Authored by: Spartacus on Oct 26, '05 07:14:40AM

Tentative explanation from an autodidact, by all means correct me if I'm wrong:

When a user copies a file, the copy takes the user's UID, meaning that the user is the owner of the copy. So when you (user 501) download a file owned by user 502, you become the owner of the copy.

When you upload, on the other hand, you put a file owned by user 501 (you) on the other machine, so when you try to access it from your account of that machine (user 502), you're not the owner of the file.

When both UIDs match, you don't see that problem as all files belong to user 501.

The key when you have multiple users that won't necessarily have the same UID (e.g. because there are several users on one machine) is that the user that will use the file makes the copy (i.e. in your case "download"), in order to become the owner. However, if like me you are the main user of several machines, it's indeed more convenient to have the same UID on all Macs.



[ Reply to This | # ]
There is something I still don't get
Authored by: hamarkus on Oct 26, '05 09:56:19AM

That is how I understand it as well but I guess I am still missing something, because to me this system really looks ridiculous.

Example 1: Two Macs with one user each, both have the same UID (501). Connect them directly or via a network and they can read each other's files because they have the same UID????

Example 2: Two Macs (A & B) with two users (1 & 2) each, one having UID 501 and the other 502 respectively. User 1 on Mac A tries to share files with user 2 on Mac B via an external firewire drive. They cannot read each other's files on the drive because they have different UIDs (if the box, 'Ignore ownership on this volume' is not checked)????



[ Reply to This | # ]
Consistent UIDs may solve file transfer issues
Authored by: patchets on Oct 26, '05 07:26:42AM

I can attest to this being an issue. I ran a network at a small video editing office and I had problems setting up an automated backup of all the computers at night. When one of the machines was using a 502 UID there would always be problems getting the files to sync correctly.

It seems to me that if you've got two machines and the same user name on both that when transferring files the UID for the file should change to match the new machine. But, perhaps that's a little too complicated for UNIX.



[ Reply to This | # ]
for NFS too
Authored by: Mark Barton on Oct 26, '05 07:54:23AM
Another case that I found where UIDs are important is with NFS (the Unix network file-sharing system). They have it set up so that to access the files on the Unix cluster at work, the UID of the account on my PowerBook has to match the UID of my work account (but no other password protection or the like). Every so often when I have to do a complete system reinstall due to bad corruption or a new computer, I let the installer create the default admin account at UID=501 then use the above procedure to change it to 382. I also take the opportunity to change my shell to tcsh and I use the following tcsh command to renumber any files that have been created under the old number

sudo find / -user 501 -exec chown 382 '{}' \;


[ Reply to This | # ]
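
A read-only check to run before a whole-disk renumbering like the find command in the comment above, or before the UID swap in the original hint. It is an added example, not code from either poster; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run audit before renumbering a UID. Function names and the
# sample tree are constructed for illustration; nothing is ever chown'ed.

# Paths under $1 owned by numeric UID $2. -xdev keeps find on one filesystem,
# so a scan of / does not walk into mounted NFS shares or external disks.
list_owned_by() {
    find "$1" -xdev -user "$2" -print
}

count_owned_by() {
    list_owned_by "$1" "$2" | wc -l | tr -d ' '
}

# Report what a change from UID $2 to UID $3 under $1 would touch. A non-zero
# "collide" count means some files already carry the new number, so after the
# chown the two sets could no longer be told apart by owner. That is the
# situation when two accounts swap numbers, as with 501 and 502 in the hint.
renumber_plan() {
    echo "move=$(count_owned_by "$1" "$2") collide=$(count_owned_by "$1" "$3")"
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/Documents"
    : > "$d/Documents/a.txt"
    : > "$d/b.txt"
    me=$(id -u)
    # me+1 is a constructed "new" UID that owns nothing in the sample tree
    renumber_plan "$d" "$me" "$((me + 1))"
    rm -rf "$d"
}
demo
```

When the collide count is non-zero, changing ownership one home directory at a time, as the hint does with `chown -R`, keeps the two accounts' files separate.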
for NFS too
Authored by: kevster on Oct 26, '05 09:10:02AM

We use an xserve connected to a couple of xraids for a Network Attached Storage. All of our network servers are unix/linux/hpux based and connect to the NAS via NFS.

In order for all of these different servers to share storage on the NAS, we ensure that each user account UID is consistent. This has all but eliminated any permissions issues we had. This was pretty easy to do as we have most of the servers authenticating to the Open Directory services on the xserve.

kev



[ Reply to This | # ]
UID matching applescript
Authored by: lazymutt on Oct 27, '05 01:49:41PM
I scripted a solution for this to ease AFS usage during our migration to OSX. It's called uidMatch and it's available at my website. Source included.
[Largely Superfluous AppleScript: http://www-personal.umich.edu/~mcdan/index.html]


[ Reply to This | # ]
NFS Lacie Ethernet Disk RAID
Authored by: Pythonista on Feb 26, '07 05:02:43AM

I have a Lacie Ethernet Disk RAID that I want to access from Powerbooks using NFS. How can I see the UID and GID on the Lacie? How do I create a new uid on the Mac? What is the step by step procedure to make all this work? I am connected to the NFS folder in the finder but I don't have enough permission to work with it.



[ Reply to This | # ]
Consistent UIDs may solve file transfer issues
Authored by: ldm on Oct 26, '05 11:39:39AM

It does indeed matter.

I have a Linux server at home with 2 Macs (G5 & PB) as well as another PC (linux). My user uses the same UID all over the place. This was particularly important for sharing the iTunes library which happens to sit on an NFS share on the linux server. It is also a good idea to give sane groups to the users to make sure that sharing (again the iTunes lib) across users does not raise any issues.

This is the reason (consistency of UIDS) behind the existence of yellow page systems like NIS where there is a centralized database that stores all users, their uids and gids, and where all clients consult the NIS server to authenticate and always use the same uid. There is only one machine to update with NIS: the NIS server itself. The "local" machines do not store the uid/gid data.



---
--
Laurent



[ Reply to This | # ]
let's sort out different cases here
Authored by: davidduff on Oct 26, '05 03:14:58PM

just to avoid incorrect inferences being made here...

i suggest that we distinguish different cases here:

1. write files onto a device (usb key drive, firewire drive, etc.) and "share" files by taking the device from one machine to another.

2. filesharing using one of the standard filesharing protocols (nfs, cifs, afp ...).

a) where the machines are in a common "cluster" of some sort - i.e., using a common network server (netinfo, windows domain server, etc.) for authentication/account info, such as client to server or client to client in an environment with a central server.

b) where the machines are independent - i.e. with no common repository of authentication/account info, i.e. peer-to-peer sharing.

it was my belief that in case #1, the UID matters. files are written onto the device and the only user/group info stored on the device is the uid/gid numbers (not names). so if you try to write something as user "fred", uid 501 on machine a, then disconnect it and take it over to machine b where "barney" is 501 and "fred" is 502, then barney will be able to read it and fred won't.

it was my belief that in cases 2a UID matters indirectly in the sense that you authenticate against a central authentication server and then all machines you talk to who use the same server will recognize your uid.

it was my belief that in case 2b UID is irrelevant. when you connect to the other server, you must authenticate separately. so using the example above, if you are fred on machine a and you want to access files on machine b, you must first authenticate on machine b. when you authenticate, you do so by providing username and password (not uid), so fred on machine a could authenticate as barney on machine b (who happens to have the same uid) or as fred on machine b (different uid). in either case, the (mis-)match of uid's is irrelevant.

some of the statements above would seem to challenge these beliefs, however... anyone have a concrete case to describe?



[ Reply to This | # ]
Thanks!
Authored by: hamarkus on Oct 26, '05 04:11:55PM

Thanks for the clearest description of the issue I have ever seen.

Do I understand it correctly that 1b is only relevant if the box: 'Ignore Ownership on this device' is not checked?
And would it make sense to leave this box unchecked in a "b" scenario anyway (assuming the device is not used for permission relevant stuff like backing up operating systems)?
Could any problems arising from a 1b scenario be simply solved by checking that box?
And what happens if the box gets checked? Are permissions still stored but simply no longer enforced and can they be recovered by unchecking that box again?



[ Reply to This | # ]
In your case 2b
Authored by: gshenaut on Oct 26, '05 05:03:43PM
if I understand you, you have two machines A, B which share files via, say, NFS, and you have a different UID on each machine. First, you work from machine A, and create a file F on machine B using UID-A (the file is owned by UID-A). Then later on, you work from machine B and try to access F using UID-B, and fail. Is that what you meant ?

Greg Shenaut

[ Reply to This | # ]

In your case 2b
Authored by: hamarkus on Oct 27, '05 12:36:02AM

Yes, that is what I meant. Except that I have not tried it out yet. I would just like to know whether I will have problems when I try to do this.



[ Reply to This | # ]
In your case 2b
Authored by: gshenaut on Oct 27, '05 08:30:55AM
If your experience is like mine, you will. We share files like that all the time, and went to constant uid/gid long ago in response to exactly that problem.

Greg Shenaut

[ Reply to This | # ]

Can two users on same machine have same UID?
Authored by: kgp on Oct 28, '05 07:38:06PM

I have a Powerbook that has two user accounts on it and I have only been able to connect to one account over the network. After checking the UID I see that the one I can connect to has a UID of 502 and the one I can't (my wife's) is 501.

My question is this, if I change the UID of her account to 502 will she now be able to connect to her account over the network? Or is it not possible to have two accounts with the same UID on the same machine?

This problem has been bugging me forever and I could never find a solution to it.



[ Reply to This | # ]
Can two users on same machine have same UID?
Authored by: chris_on_hints on Oct 31, '05 08:46:13AM

i really don't think you should have two users on the same machine with identical UIDs. that would cause problems.



[ Reply to This | # ]
Can two users on same machine have same UID?
Authored by: manifest37 on Nov 05, '05 11:38:56AM

That is not possible. The UID is and has to be unique.



[ Reply to This | # ]
Can two users on same machine have same UID?
Authored by: martyl on Dec 04, '05 09:20:44PM

Relating to this, I put a large HD into my G4 tower to allow me to back up my PB and my wife's iBook. The G4 has an admin account for me, and an account for my daughter. I tried 'Ignore ownership' on the HD, but still get errors when trying to save files to that drive from my PB. How can I set permissions on the large HD (shared via Airport) to allow us to back up our machines into 2 folders on that drive?


---
Marty Lindower



[ Reply to This | # ]