Unable to run installer if userid 301 already exists

[SeanAMartin]

As the install script isn't directly exposed in the determinate systems installer, there is no way to override the variable when installing. As a result:

Error

Error: 
   0: Install failure
   1: Error executing action
   2: Action `create_users_and_group` errored
   3: Action `create_user` errored
   4: Failed to execute command with status 55 `"/usr/bin/dscl" "." "-create" "/Users/_nixbld1" "UniqueID" "301"`, stdout: 
      stderr: <main> attribute status: eDSRecordAlreadyExists
      <dscl_cmd> DS Error: -14135 (eDSRecordAlreadyExists)

Metadata

key	value
version	0.16.1
os	macos
arch	aarch64

[Hoverbear]

There is a way to override which user ID the installer starts at, the --nix-build-user-id-base flag or NIX_INSTALLER_NIX_BUILD_USER_ID_BASE environment:

nix-installer/src/settings.rs

Lines 129 to 143 in 15802f0

	/// The Nix build user base UID (ascending)
	#[cfg_attr(
	feature = "cli",
	clap(long, env = "NIX_INSTALLER_NIX_BUILD_USER_ID_BASE", global = true)
	)]
	#[cfg_attr(
	all(target_os = "macos", feature = "cli"),
	doc = "Service users on Mac should be between 200-400"
	)]
	#[cfg_attr(all(target_os = "macos", feature = "cli"), clap(default_value_t = 300))]
	#[cfg_attr(
	all(target_os = "linux", feature = "cli"),
	clap(default_value_t = 30_000)
	)]
	pub nix_build_user_id_base: u32,

This is documented in nix-installer install --help:

      --nix-build-user-id-base <NIX_BUILD_USER_ID_BASE>
          The Nix build user base UID (ascending)
          
          [env: NIX_INSTALLER_NIX_BUILD_USER_ID_BASE=]
          [default: 30000]

In your case, you could set NIX_INSTALLER_NIX_BUILD_USER_ID_BASE=302.

I am a bit confused why we did not detect this in the planning phase, do you happen to know what the username of UID 301 is?

dscl . -list /Users UniqueID | grep 301

I believe we can make the planner code a bit more robust to avoid this in the future, it should probably check by ID as well:

nix-installer/src/action/base/create_user.rs

Lines 52 to 75 in 15802f0

	// Ensure user does not exists
	if let Some(user) = User::from_name(name.as_str())
	.map_err(|e| ActionErrorKind::GettingUserId(name.clone(), e))
	.map_err(Self::error)?
	{
	if user.uid.as_raw() != uid {
	return Err(Self::error(ActionErrorKind::UserUidMismatch(
	name.clone(),
	user.uid.as_raw(),
	uid,
	)));
	}
	if user.gid.as_raw() != gid {
	return Err(Self::error(ActionErrorKind::UserGidMismatch(
	name.clone(),
	user.gid.as_raw(),
	gid,
	)));
	}
	tracing::debug!("Creating user `{}` already complete", this.name);
	return Ok(StatefulAction::completed(this));
	}

[quot]

I hit this same issue. Running export NIX_INSTALLER_NIX_BUILD_USER_ID_BASE=302 before the install fixed the problem.

I am a bit confused why we did not detect this in the planning phase, do you happen to know what the username of UID 301 is?

UID 301 on my machine was taken by user _defendpoint, which seems to have been created by an install of BeyondTrust Endpoint Privilege Management. I do have BeyondTrust software installed on this machine, but I can't find much about that user online. This is the only thing I could find saying that their software manages that user in their MacOS installs: https://www.beyondtrust.com/docs/release-notes/privilege-management/windows-and-mac/mac/pm-mac-22-9.htm

[elefantes]

I hit the same issue because I had some packages installed by MacPorts which used some UIDs in the default range.
The installer options weren't clear immediately because you have to specify the subcommand before issuing --help to see the right ones.

Hopefully the installer can check this in the future prior to performing any actions.