nix-installer icon indicating copy to clipboard operation
nix-installer copied to clipboard

Published 20 hours ago verified publisher icon DeterminateSystems

Unable to run installer if userid 301 already exists

Open SeanAMartin opened this issue 1 year ago • 3 comments

As the install script isn't directly exposed in the determinate systems installer, there is no way to override the variable when installing. As a result:

Error

Error: 
   0: Install failure
   1: Error executing action
   2: Action `create_users_and_group` errored
   3: Action `create_user` errored
   4: Failed to execute command with status 55 `"/usr/bin/dscl" "." "-create" "/Users/_nixbld1" "UniqueID" "301"`, stdout: 
      stderr: <main> attribute status: eDSRecordAlreadyExists
      <dscl_cmd> DS Error: -14135 (eDSRecordAlreadyExists)

Metadata

key value
version 0.16.1
os macos
arch aarch64

SeanAMartin avatar Feb 09 '24 15:02 SeanAMartin

There is a way to override which user ID the installer starts at, the --nix-build-user-id-base flag or NIX_INSTALLER_NIX_BUILD_USER_ID_BASE environment:

https://github.com/DeterminateSystems/nix-installer/blob/15802f0730689f2016058e3b5343e40b9ca299f2/src/settings.rs#L129-L143

This is documented in nix-installer install --help:

      --nix-build-user-id-base <NIX_BUILD_USER_ID_BASE>
          The Nix build user base UID (ascending)
          
          [env: NIX_INSTALLER_NIX_BUILD_USER_ID_BASE=]
          [default: 30000]

In your case, you could set NIX_INSTALLER_NIX_BUILD_USER_ID_BASE=302.

I am a bit confused why we did not detect this in the planning phase, do you happen to know what the username of UID 301 is?

dscl . -list /Users UniqueID | grep 301

I believe we can make the planner code a bit more robust to avoid this in the future, it should probably check by ID as well:

https://github.com/DeterminateSystems/nix-installer/blob/15802f0730689f2016058e3b5343e40b9ca299f2/src/action/base/create_user.rs#L52-L75

Hoverbear avatar Feb 09 '24 18:02 Hoverbear

I hit this same issue. Running export NIX_INSTALLER_NIX_BUILD_USER_ID_BASE=302 before the install fixed the problem.

I am a bit confused why we did not detect this in the planning phase, do you happen to know what the username of UID 301 is?

UID 301 on my machine was taken by user _defendpoint, which seems to have been created by an install of BeyondTrust Endpoint Privilege Management. I do have BeyondTrust software installed on this machine, but I can't find much about that user online. This is the only thing I could find saying that their software manages that user in their MacOS installs: https://www.beyondtrust.com/docs/release-notes/privilege-management/windows-and-mac/mac/pm-mac-22-9.htm

quot avatar Feb 27 '24 23:02 quot

I hit the same issue because I had some packages installed by MacPorts which used some UIDs in the default range. The installer options weren't clear immediately because you have to specify the subcommand before issuing --help to see the right ones.

Hopefully the installer can check this in the future prior to performing any actions.

elefantes avatar May 24 '24 22:05 elefantes