MacOS X Mystery (Challenge)

(Maybe my MacOS X expert friends will know the answer.)

This is a mystery that I cannot seem to figure out.  I think its a bug in the operating system, but I cannot seem to figure out the solution, or even explain the behavior to my satisfaction.

Occasionally, a shell window (iTerm2) will appear to "forget" my identity.

For example:

% whoami
501

That's half right... The same command in other window is more correct:

% whoami
garrett

Further, id -a reports differently:

The broken window:

% id -a
uid=501 gid=20(staff) groups=20(staff),501,12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),33(_appstore),100(_lpoperator),204(_developer),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh)

The working one:

% id -a
uid=501(garrett) gid=20(staff) groups=20(staff),501(access_bpf),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),33(_appstore),100(_lpoperator),204(_developer),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh)

It appears that the shell (and this broken behavior seems to be inherited by child shells, by the way), somehow loses the ability to map numeric Unix ids to login names.

So I tried another command:

% dscl . -read /Users/garrett
Operation failed with error: eServerError

The same works properly in my other window (I'm not posting the entire output, since its really long).

I am wondering what could possibly be different.  The behavior doesn't seem to depend on environment variables (I've tried stripping those out).

I'm thinking that there is something in the process table (in the MacOS X equivalent of the uarea?) that gives me access to directory services -- and that this is somehow clobbered.  As indicated, whatever the thing is, it appears to be inherited across fork(2).

I thought maybe I could figure this out with DTrace or dtruss... but Apple have crippled DTrace on the platform and this is one of those binaries that I am unable to introspect.  Arrgh!

sudo dtruss dscl . -read /Users/garrett
Password:
dtrace: system integrity protection is on, some features will not be available

dtrace: failed to execute dscl: dtrace cannot control executables signed with restricted entitlements

Btw, I'm running the latest MacOS X:

% uname -a
Darwin Triton.local 16.0.0 Darwin Kernel Version 16.0.0: Mon Aug 29 17:56:20 PDT 2016; root:xnu-3789.1.32~3/RELEASE_X86_64 x86_64

So, for my MacOS X expert friends -- anyone know how directory services really works?  (As in how it works under the hood?)  I don't think we're in UNIX land anymore, Toto!

Comments

Well, there is SIP since OS X El Capitan which is on by default. Turning it off via Recovery will bring full control over the ship back.

Popular posts from this blog

SP (nanomsg) in Pure Go

An important milestone

GNU grep - A Cautionary Tale About GPLv3