nix icon indicating copy to clipboard operation
nix copied to clipboard
verified publisher icon NixOS

Installing on MacOS fails when user UID is already in use

Open johncoder opened this issue 7 years ago • 8 comments

While installing nix on MacOS it fails while creating build user 5:

~~> Setting up the build user nixbld5
<main> attribute status: eDSRecordAlreadyExists
<dscl_cmd> DS Error: -14135 (eDSRecordAlreadyExists)

---- oh no! --------------------------------------------------------------------
Jeeze, something went wrong. If you can take all the output and open
an issue, we'd love to fix the problem so nobody else has this issue.

:(

We'd love to help if you need it.

If you can, open an issue....

After some investigation, I realized it fails because I have a _sophos user with UniqueID "30005"

dscl . -search /Users UniqueID "30005"

yields:

_sophos		UniqueID = (
	30005
)

Is there a way to work around this?

johncoder avatar Jun 19 '18 21:06 johncoder

This is definitely a serious issue! We may be able to just skip user id that is taken.

/cc @grahamc

matthewbauer avatar Jun 21 '18 02:06 matthewbauer

I'm not sure how to approach this. Having some non-nix UIDs in the nix block would seem sub-optimal to me as well; it would seem better to just choose a different contiguous block.

vcunat avatar Jun 24 '18 11:06 vcunat

I marked this as stale due to inactivity. → More info

stale[bot] avatar Feb 16 '21 00:02 stale[bot]

I closed this issue due to inactivity. → More info

stale[bot] avatar Apr 29 '22 19:04 stale[bot]

Duplicate(?) issue still open here: https://github.com/NixOS/nix/issues/6153

bjornfor avatar Apr 30 '22 08:04 bjornfor

on macos sequoia the uid 301 is now being used by _modelmanagerd:

dscl . -search /Users UniqueID "301"                                                                                                                      ─╯
_modelmanagerd		UniqueID = (
    301
)

resulting in

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/bin/dscl . create /Users/_nixbld1 UniqueID 301

Creating the Nix build user (#1), _nixbld1

<main> attribute status: eDSRecordAlreadyExists
<dscl_cmd> DS Error: -14135 (eDSRecordAlreadyExists)

fbettag avatar Jun 11 '24 17:06 fbettag

on macos sequoia the uid 301 is now being used by _modelmanagerd:

dscl . -search /Users UniqueID "301"                                                                                                                      ─╯
_modelmanagerd		UniqueID = (
    301
)

resulting in

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/bin/dscl . create /Users/_nixbld1 UniqueID 301

Creating the Nix build user (#1), _nixbld1

<main> attribute status: eDSRecordAlreadyExists
<dscl_cmd> DS Error: -14135 (eDSRecordAlreadyExists)

Hi there, just upgraded to sequoia to day, would recommend https://github.com/DeterminateSystems/nix-installer?tab=readme-ov-file and set the following

NIX_INSTALLER_NIX_BUILD_USER_ID_BASE=400 curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install

Though I do think build user id should just start at 400 since Apple might add new build users in the future

aarnphm avatar Jun 12 '24 05:06 aarnphm

I woke up today to see that _nixbld1 through _nixbld4 were suddenly missing on macOS Sequoia Seed 1 AKA 15.0 Beta (24A5264n), so I'll drop the other users for posterity. dscacheutil -q user outputs:

name: _modelmanagerd
password: *
uid: 301
gid: 301
dir: /var/db/modelmanagerd
shell: /usr/bin/false
gecos: Model Manager

name: _reportsystemmemory
password: *
uid: 302
gid: 302
dir: /var/empty
shell: /usr/bin/false
gecos: ReportSystemMemory

name: _swtransparencyd
password: *
uid: 303
gid: 303
dir: /var/db/swtransparencyd
shell: /usr/bin/false
gecos: Software Transparency Services

name: _naturallanguaged
password: *
uid: 304
gid: 304
dir: /var/db/com.apple.naturallanguaged
shell: /usr/bin/false
gecos: Natural Language Services

These users overwrote the Nix build users overnight. Maybe the default user ID base should be bumped?

slice avatar Jun 22 '24 20:06 slice

I have noticed this issue on MacOS Sequoia read my issue that linked this one.

Eveeifyeve avatar Jul 09 '24 04:07 Eveeifyeve

on macos sequoia the uid 301 is now being used by _modelmanagerd:

dscl . -search /Users UniqueID "301"                                                                                                                      ─╯
_modelmanagerd		UniqueID = (
    301
)

resulting in

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/bin/dscl . create /Users/_nixbld1 UniqueID 301

Creating the Nix build user (#1), _nixbld1

<main> attribute status: eDSRecordAlreadyExists
<dscl_cmd> DS Error: -14135 (eDSRecordAlreadyExists)

Hi there, just upgraded to sequoia to day, would recommend https://github.com/DeterminateSystems/nix-installer?tab=readme-ov-file and set the following

NIX_INSTALLER_NIX_BUILD_USER_ID_BASE=400 curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install

Though I do think build user id should just start at 400 since Apple might add new build users in the future

I have found that the following works for the canonical installer:

NIX_FIRST_BUILD_UID=30001 sh <(curl -L https://nixos.org/nix/install)

Source: https://github.com/NixOS/nix/blob/master/scripts/install-darwin-multi-user.sh#L7

Here is a way to list all taken uids:

% dscacheutil -q user | grep uid | awk '{ print $2 }' | sort -h | uniq
-2
0
1
4
13
24
25
26
27
31
...

abhillman avatar Jul 13 '24 22:07 abhillman

PR https://github.com/NixOS/nix/pull/11095 should solve this issue. Please feel free +1.

abhillman avatar Jul 13 '24 22:07 abhillman

NIX_FIRST_BUILD_UID=30001 sh <(curl -L https://nixos.org/nix/install)

I received the following error with this command:

It seems the build user _nixbld1 already exists, but with the UID
with the UID ''. This script can't really handle that right
now, so I'm going to give up.

If you already created the users and you know they start from
 and go up from there, you can edit this script and change
NIX_FIRST_BUILD_UID near the top of the file to  and try
again.

We'd love to help if you need it.

Edit: Running for u in $(sudo dscl . -list /Users | grep _nixbld); do sudo dscl . -delete /Users/$u; done and re-running the installer command worked.

theoparis avatar Sep 02 '24 19:09 theoparis

Fixed in: https://github.com/NixOS/nix/pull/10919

Eveeifyeve avatar Sep 05 '24 00:09 Eveeifyeve

Sort of but not a permanent solution so not really but It's under decision as of this: https://github.com/NixOS/nix/pull/10919#issuecomment-2329777647 A PR has been made 34mins ago that fixes the mistake: https://github.com/NixOS/nix/pull/11433#issue-2506616528

Eveeifyeve avatar Sep 05 '24 02:09 Eveeifyeve

cc @tomberek, close this issue as it's solved in #11433?

Eveeifyeve avatar Sep 06 '24 18:09 Eveeifyeve

It is not solved via sh <(curl -L https://nixos.org/nix/install) yet.. I still have to prepend NIX_FIRST_BUILD_UID=30001

theoparis avatar Sep 08 '24 22:09 theoparis

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/macos-15-sequoia-update-clobbers-nixbld1-4-users/52223/3

nixos-discourse avatar Sep 18 '24 11:09 nixos-discourse

It is not solved via sh <(curl -L https://nixos.org/nix/install) yet.. I still have to prepend NIX_FIRST_BUILD_UID=30001

I could have a look at making a pr that changes the users but that still doesn’t fix the issue, right?

Eveeifyeve avatar Sep 18 '24 11:09 Eveeifyeve

@Eveeifyeve my linked PRs don't attempt to directly address this issue (nor is this issue directly related to the sequoia migration). My PRs just move macos installs to a different UID range.

abathur avatar Sep 18 '24 12:09 abathur