Thread '5.8.3 permissions problems on Mac OS'

jackal

Joined: 19 Jan 07
Posts: 6
United States
Message 7580 - Posted: 19 Jan 2007, 9:17:54 UTC
Last modified: 19 Jan 2007, 9:19:10 UTC

I've upgraded two Mac OS machines (10.3 and 10.4, both PPC) successfully to the development version of BOINC 5.8.3. As instructed, after copying the boinc and boinc_cmd executables to my boinc directory (I have all of my installations custom installed in a nested directory in my home folder, not in the /Library/Applications Support/BOINC folder, if this makes any difference), I ran the Mac_SA_Secure.sh script as root from within the boinc directory. These two installations succeeded with no problem whatsoever.

The third machine, however (10.3 PPC), wouldn't work--attempting to start BOINC resulted in the following error:

File ownership or permissions are set in a way that
does not allow sandboxed execution of BOINC applications.
To use BOINC anyway, use the -insecure command line option.
To change ownership/permission, reinstall BOINC or run
the shell script Mac_SA_Secure.sh. (Error code -1004)

Upon deeper inspection, all of the file permissions in the boinc directory had been changed so that the user and group were "smmsp" (used by the sendmail system), which NetInfo Manager told me was uid and gid 25. There were also two new users and groups in the NetInfo directory named boinc_manager and boinc_project, but both had uids and gids of 25. (On the other machines, those users were created, but they were assigned random uids and gids, e.g. 30 and 32 on one of the machines, I think).

After examining the code of the Mac_SA_Secure.sh script, while I'm not a scriptwriter or programmer, I could tell that the script attempts to search first for pre-existing users/groups named boinc_manager and boinc_project, and if it can't find them, to create them and start the uid and gid at 25, if it's not already taken.

The problem is, on this last machine, 25 is already taken by that smmsp user and group, but the script somehow isn't catching that and creates the new users/groups with uids/gids of 25 (which then causes the permissions of the boinc directory to get messed up). What's really confusing is that the situation is exactly the same on at least one of the other machines I got upgraded with no problem (there's a smmsp user and group with a uid/gid of 25, and it detected it just fine). (The only difference I can think of is that the first machine is 10.4, and this one is 10.3, although it worked just fine on another 10.3 machine that I can't access right now to check uids and users.)

I tried manually renumbering the boinc_manager and boinc_project users and groups to unused uids/gids and then manually (and carefully) following the permissions instructions in the Mac_SA_Secure.sh script (e.g. "sudo chown -R boinc_manager:boinc_manager .; sudo chmod u+rw,g+rw,o+r-w ." as an example for the first line of permissions, or line 174 in the script), but BOINC still gave me the error when I tried to start it up.

About the only other thing I can add is that I have a cron schedule set to launch boinc. It seemed that sometimes, the boinc app would work just fine if I launched it directly on the command line, but it would fail when it was started by cron; other times it would fail both times (I tried this all multiple times, to my annoyance...). The curious thing is, the command to start it is exactly the same in both places. I've put the cron version here:

0,15,30,45 * * * * cd /Users/[me]/cli/boinc/; ./boinc -return_results_immediately -allow_remote_gui_rpc -redirectio

(I used the same string, minus the times, to start it via the command line. Again, this only seemed to work sometimes...)

I can't think of anything else that would affect this. Any suggestions?

I upgraded because I'm running a customized app in setiathome and I'm also running setiathome beta, and I was told the new core client only looks for apps in the specific project folder, thereby preventing conflicts when new versions of apps come out. For now, I'll hold off, and if we can't solve it, I'll downgrade back to 5.4.9 on this machine.

Thanks in advance!
ID: 7580
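
An added example, not part of the original post and not taken from Mac_SA_Secure.sh: a check for the uid/gid collision described above, run over a two-column `name id` listing, plus a search for the first unused id at or above 25. The sample listing is constructed to mirror the state reported on the third machine, and the function names are hypothetical.

```shell
#!/bin/sh
# Input format (assumption): one account per line, name then numeric id,
# for instance the output of `dscl . -list /Users UniqueID` on current macOS.

# Constructed sample: smmsp already holds id 25 and both BOINC accounts
# were created with the same id.
sample_listing() {
cat <<'EOF'
root 0
daemon 1
smmsp 25
boinc_master 25
boinc_project 25
www 70
EOF
}

# Print every id held by more than one account, with the account names.
shared_ids() {
    awk 'NF >= 2 && $NF ~ /^-?[0-9]+$/ {
             names[$NF] = (names[$NF] == "" ? $1 : names[$NF] "," $1)
             count[$NF]++
         }
         END { for (id in count) if (count[id] > 1) print id ": " names[id] }' |
    sort -n
}

# Print the first id >= $1 that no account in the listing already uses.
first_free_id() {
    awk -v start="$1" 'NF >= 2 && $NF ~ /^[0-9]+$/ { used[$NF + 0] = 1 }
         END { id = start + 0; while (id in used) id++; print id }'
}

echo "ids shared by several accounts:"
sample_listing | shared_ids
echo "first unused id from 25 upward: $(sample_listing | first_free_id 25)"
```

Run the same two functions against the group listing as well, since the post reports the collision on both uids and gids.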
Keck_Komputers
Joined: 29 Aug 05
Posts: 304
United States
Message 7612 - Posted: 20 Jan 2007, 2:18:12 UTC

Sorry, I don't have any real help for you. However, the "return results immediately" flag needs to go; it hasn't done anything for a while.
BOINC WIKI

BOINCing since 2002/12/8
ID: 7612
Charlie Fenton
Project developer

Joined: 17 Jul 06
Posts: 287
United States
Message 7618 - Posted: 20 Jan 2007, 3:27:40 UTC - in response to Message 7580.  

> I tried manually renumbering the boinc_manager and boinc_project users and groups to unused uids/gids and then manually (and carefully) following the permissions instructions in the Mac_SA_Secure.sh script (e.g. "sudo chown -R boinc_manager:boinc_manager .; sudo chmod u+rw,g+rw,o+r-w ." as an example for the first line of permissions, or line 174 in the script), but BOINC still gave me the error when I tried to start it up.


The user and group names should be boinc_master, not boinc_manager.

Be sure to use NetInfo Manager to remove the bad user and group from your system before trying to repair them.

One possibility is to then run the standard BOINC Manager Installer, which will create the user and group using C code rather than the shell script, and quit the Manager without attaching to any projects. You can then delete the items that were installed (see the ReadMe file for a list of these). Finally, try running the Mac_SA_Secure.sh script again.

Beyond that, I'm sorry I don't know what else to suggest, other than using the standard BOINC Manager Installer, rather than the bare command-line client. Although this does put the data in the standard installation directory, you can still run the embedded core client from a cron job or the command line. You can find instructions for this in the Mac OSX section of the page at
http://boinc.berkeley.edu/bare_core.php

After installing the BOINC Manager in the standard way, instead of reattaching to your projects, quit the manager and copy the data from your current BOINC directory into the one created in the /Library/Application Support/ folder. This is my recommended way of accomplishing what I think you want to do.

(A possible alternative to copying your data might be to replace the "/Library/Application Support/BOINC Data" directory with a UNIX symbolic link (not a Mac Finder alias) to your current BOINC directory. You can create the link using the "ln -s" command in the terminal. However, I haven't tried this so it may not work.)

You can also find more information on the new security implementation at
http://boinc.berkeley.edu/sandbox_user.php

I'm sorry I don't have any ideas as to why the script is failing to recognize the existing uid and sid.

I hope this helps.

Cheers,
--Charlie
Charlie Fenton
BOINC / SETI@home Macintosh & Windows Programmer
ID: 7618
jackal

Joined: 19 Jan 07
Posts: 6
United States
Message 7640 - Posted: 20 Jan 2007, 22:26:27 UTC - in response to Message 7618.  

My typo--yes, I had been using boinc_manager in all of my NetInfo stuff--I just mistyped it as boinc_master here.

Well, I finally got it to run. I followed your steps, but when I copied the other files into the /Library/Application\ Support/BOINC\ Data/ directory (I've decided just to run everything from there), it still gave me the error. After checking the permissions in that directory--because I had copied it all in, it still had permissions from before (i.e. jackal:staff or whatever)--I reran the BOINC Manager installer after I had copied everything in. After doing so, I checked again, and the permissions are fixed.

When I attempted to run boinc, I then got a different error: GUI RPC bind failed. However, at least we're past the permissions problems! I had this pop up on one of the other machines I upgraded, but I forget how I fixed it.

Then, to my surprise, my cron job kicked in, and now BOINC is running! However, I can't access it with the BOINC Manager GUI app. I'm hesitant to mess with it now that it's working, but I'll take a look at it tonight after I've run my errands. At least I'm crunching for now!
ID: 7640
jackal

Joined: 19 Jan 07
Posts: 6
United States
Message 7641 - Posted: 20 Jan 2007, 22:34:23 UTC - in response to Message 7640.  

Oh, one other thing to clarify: I'm using the following command to launch boinc in the crontab:

cd /Library/Application\ Support/BOINC\ Data/; /Applications/BOINCManager.app/Contents/Resources/boinc -allow_remote_gui_rpc -redirectio

(Yes, I got rid of the -return_results_immediately flag...)

So, as you can see, I *do* have the -allow_remote_gui_rpc flag set, and I do have a gui_rpc_auth.cfg file with a password, so I'm not sure why I can't access it with BOINC Manager from here (my laptop). My next step will be to check if I can access it with BOINC Manager on the actual computer itself. When I do try to connect from here, I get the following error in stdoutdae.txt:

2007-01-20 13:16:50 [---] GUI RPC request from non-allowed address xx.xx.xx.xx

Uh oh: now, I've got a problem. In that same file (stdoutdae.txt), I'm seeing this AFTER that above line:

File ownership or permissions are set in a way that
does not allow sandboxed execution of BOINC applications.
To use BOINC anyway, use the -insecure command line option.
To change ownership/permission, reinstall BOINC or run
the shell script Mac_SA_Secure.sh. (Error code -1004)

And doing a ps -ax | grep boinc returns no results, but doing a ps -ax | grep seti does (setiathome-5.17.powerpc-apple-darwin)...and top reports seti using 80%+ of my CPU. Looks like boinc quit, but somehow setiathome got launched and stayed launched.

I'll leave it running for now (at the very least, one S@H Beta WU will get processed) and take a look when I get home. Anyone have any revised suggestions?
ID: 7641
jackal

Joined: 19 Jan 07
Posts: 6
United States
Message 7677 - Posted: 21 Jan 2007, 7:39:46 UTC - in response to Message 7640.  

> My typo--yes, I had been using boinc_manager in all of my NetInfo stuff--I just mistyped it as boinc_master here.

Grr...I did it again. I had been using boinc_master on the computer and mistyped it as boinc_manager on here.

I'll say it this way: whatever the correct one was, I used it. That should cover me... ;-)
ID: 7677


Copyright © 2025 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.