MacOS Weirdness

Volume 3, Issue 10; 24 Mar 2019

A true tale of the weird and bizarre. If it’s user error, this user would appreciate being told his error.

Mostly, I like MacOS. I’ve heard it described as Unix with a decent UX and that’s not an unreasonable summary (there’s lots not to like about walled gardens and enormous corporations that don’t pay taxes, etc., but, candidly, I want to run Photoshop and Lightroom on native hardware instead of a VM and the ecosystem is very nice). Every now and then some bit of its BSD roots surfaces and surprises me, but I’ve never found it problematic.

A little background: I send a lot of email, both in the course of doing the business of my employer and personally. Corporate IT insists that all email be delivered through the Exchange server. They will not deliver mail that arrives via SMTP, because...spam, because...reasons. I’m not winning that fight so I’m not starting it.

I’m not willing to send all my personal email through the corporate email servers, even if that was acceptable under IT policy, which it probably isn’t.

That means email messages have to be routed to the correct server based on sender (mail sent “from” my corporate address, goes through the corporate servers, mail sent “from” my personal address doesn’t). I have figured out how to do this in Exim. I’m not saying it can’t be done with other MTAs, but that’s the one I got to work and I’m happy to stick with it. (I write email in Emacs, I pass it to a delivery agent, that’s the way it works. Alternate solutions that involve using different clients are not interesting to me.)

Corporate email is delivered to DavMail on localhost which proxies SMTP to Exchange and is maybe the best thing ever. Personal email is delivered to an ISP on the internet (listening on a non-standard port because networks that capture all traffic on port 25 are evil). All of this routing is handled transparently by Exim.

When I moved back to the Mac a couple of years ago, I installed Exim with Homebrew and ported my config over. It worked flawlessly. (On this first laptop, my UID was 501 and an alternate administrative user was UID 502; I say this for reasons that will become clear in a moment.)

When I got a new Mac in July, I installed Exim with Homebrew and copied my config to the new laptop. It worked flawlessly. (My UID remained 501.)

My July, 2018 vintage MacBook had a bum keyboard. I’ve complained about that at length elsewhere and to anyone who would listen. Eventually, I decided to pursue getting it fixed through AppleCare and, long story elided, they agreed.

Before handing it in, I scrubbed everything off my previous laptop and reinstalled from scratch on it. This time, I carelessly neglected to fix my username on one of the initial installer screens (so I got normanwalsh instead of ndw, which I prefer). Rather than start over, I created a new administrator user with my preferred username. So on this Mac, my UID is 502.

I carefully ported everything over so that I could continue to work while my new laptop was out for repairs. I installed Exim with Homebrew and copied my config over. It worked flawlessly.

A remarkably short two days later, my laptop comes back, new “top case” in place (keyboard, trackpad, and battery because they’re all welded together ☹ ).

I scrubbed everything off it and installed from scratch. I (carefully) set up my account with my preferred username (UID 501) and created a secondary admin user. I installed Exim with Homebrew and copied my config over.

It did not work at all. I got all sorts of errors about files not having the correct owners, errors attempting to specify the owner and group IDs of files created, etc. When I ran Exim with sudo I saw a very strange message about not being able to open a file with the effective UID of 502.

Weird, I thought. I removed the secondary admin user. Same thing (well, different thing actually, this time initgroups() fails because there is no user 502).

At this point, it’s natural to assume that I’ve created some config file or copied some config file or something that identifies the effective UID that Exim should use. But there’s no reference to 502 or the secondary administrative user anywhere in the configuration files, as far as I can see.

I’m hours and hours into the process at this point, scheduled to be on an airplane (Hello from LAX!) the next morning. Desperation is settling in. I have to be able to send email!

I tried to change my UID to 502. That did not work. Well, it worked inasmuch as the OS reported that my UID was 502. But attempting to chown files to 502 (and to my preferred username) simply had no effect. (This bit of weirdness I blame on the “Directory Service” crud that’s been bolted on top of straightforward user and group IDs in /etc files. But I’ve no time to investigate.)

I gave up. I cut my losses. I reformatted the partition and reinstalled from scratch again. (Never mind the hours I’d spent getting apps installed and transferring data: desperation!)

When I got it up and running, the first thing I did was install Exim with Homebrew. (Note that I haven’t copied any data from the old laptop at all at this point except for a couple of Exim configuration files.)

And it still did not work because Exim was still trying to do something with the effective UID of 502!

Where the [expletive deleted] is that coming from!? There isn’t a user with UID 502 on the laptop and there never has been!

I created one. I played silly games with the owners and permissions of the Exim spool files. I made exim setuid root. I got it to work. But I do not understand what is going on!

Is it possible that iCloud/Directory Service is monkeying about in the guts of the OS and causing some getuid() function to return 502 when it should return 501? (I’m going to write a little C program to make the same calls that exim does and see what answers I get, but I haven’t had time.) Yes, I suppose it’s possible, but that sure seems weird. You can’t expect to get the same UID on every device.
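A small diagnostic of the kind mentioned above, as an added example (not the author's program and not Exim's code): it reports the real and effective IDs the process sees, whether each UID resolves to an account, and whether a binary given on the command line is setuid and who owns it. The names `id_report`, `uid_is_known`, `collect_ids` and `setuid_owner` are made up for this sketch.

```c
/* Added diagnostic (not Exim's code): which IDs does this process run with? */
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

struct id_report {
    uid_t ruid, euid;           /* real and effective user IDs */
    gid_t rgid, egid;           /* real and effective group IDs */
    int ruid_known, euid_known; /* 1 if the UID resolves to an account */
};

/* 1 if the account database (flat files or a directory service) knows uid. */
int uid_is_known(uid_t uid) { return getpwuid(uid) != NULL; }

struct id_report collect_ids(void) {
    struct id_report r;
    r.ruid = getuid();  r.euid = geteuid();
    r.rgid = getgid();  r.egid = getegid();
    r.ruid_known = uid_is_known(r.ruid);
    r.euid_known = uid_is_known(r.euid);
    return r;
}

/* 1 = setuid bit set, 0 = not set, -1 = cannot stat. A setuid binary starts
 * with the effective UID of its owner, which is returned through *owner. */
int setuid_owner(const char *path, uid_t *owner) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    if (owner) *owner = st.st_uid;
    return (st.st_mode & S_ISUID) ? 1 : 0;
}

/* Usage: idcheck [path-to-binary [uid-to-look-up]] */
int main(int argc, char **argv) {
    struct id_report r = collect_ids();
    uid_t owner = 0;
    printf("uid=%ld (%s) euid=%ld (%s) gid=%ld egid=%ld\n",
           (long)r.ruid, r.ruid_known ? "known" : "unknown",
           (long)r.euid, r.euid_known ? "known" : "unknown",
           (long)r.rgid, (long)r.egid);
    if (argc > 1 && setuid_owner(argv[1], &owner) >= 0)
        printf("%s: owner uid=%ld, setuid=%s\n", argv[1], (long)owner,
               setuid_owner(argv[1], NULL) ? "yes" : "no");
    if (argc > 2) {
        uid_t u = (uid_t)strtoul(argv[2], NULL, 10);
        printf("uid %ld is %s\n", (long)u, uid_is_known(u) ? "known" : "unknown");
    }
    return 0;
}
```

Running it once as the login user and once under sudo, with the installed binary's path and the unexpected UID as arguments, shows whether the surprising ID comes from the process's own credentials or from the file's owner and mode.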

What is going on? I do not know and I do not know what to do about it. I’ll report the issue upstream to the Homebrew and Exim maintainers, but I won’t be surprised if they don’t believe me.

(I could scrub it all and start over again and arrange to be UID 502. Maybe I should, but that’s another bunch of hours of work and I have a plane to catch.)

Anyone with a clue, please don’t neglect to pass it along.