#1468 The pkiuser user/group should be created in rpm %pre, and ideally with fixed uid/gid
Closed: Fixed None Opened 8 years ago by mharmsen.

The pkiuser user/group is only created when ipa-server-install is run. That
makes it hard to move IPA's data from a container to a data volume, as in a vanilla
container the records won't be there.

And if we do this, we could just as well hardcode some reasonable uid. For
example, httpd does

/usr/sbin/useradd -c "Apache" -u 48 -s /sbin/nologin \
    -r -d /usr/share/httpd apache 2> /dev/null || :

For pkiuser user:group, uid 17, gid 17 could be used as these were reserved in the Fedora 10 timeframe.

Steps to Reproduce:

1. Install pki-server.
2. Check /etc/group and /etc/passwd for pkiuser.

Actual results:

It's not there.

Expected results:

It should be there.

The process is explained at https://fedoraproject.org/wiki/Packaging:UsersAndGroups in great detail. I used the recipe to create a user and group for kdcproxy in FreeIPA. According to https://git.fedorahosted.org/cgit/setup.git/tree/uidgid uid 17 and gid 17 are still reserved for pkiuser. FreeIPA hard-codes uid/gid 17 in ipaplatform/redhat/tasks.py, too.

We can safely create the user and group ourselves. The installation code in FreeIPA checks whether the group and user exist before it attempts to create them.
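An added check, not part of the ticket or of the Dogtag PKI or FreeIPA code: it audits a root filesystem (a container image or a data volume mount) for the condition discussed here, since ownership on a volume is stored by numeric id and only lines up across containers when pkiuser has the same uid/gid everywhere. The function names, the finding strings and the sample passwd/group entries are constructed for illustration; only the name pkiuser and uid/gid 17 come from the ticket.

```shell
#!/bin/sh
# Added example: audit a root filesystem for pkiuser (name and uid/gid 17 are from the ticket).
PKI_NAME=pkiuser
PKI_ID=17

# check_pki_account ROOT: print one finding per line; return 0 only when the
# user and group both exist with the reserved ids and nobody else holds uid 17.
check_pki_account() {
    passwd="$1/etc/passwd"; group="$1/etc/group"; rc=0
    # passwd: name:pw:uid:gid:gecos:home:shell    group: name:pw:gid:members
    urec=$(awk -F: -v n="$PKI_NAME" '$1 == n { print $3 ":" $4; exit }' "$passwd")
    ggid=$(awk -F: -v n="$PKI_NAME" '$1 == n { print $3; exit }' "$group")
    # A different account on uid 17 would collide with a fixed-uid useradd.
    squat=$(awk -F: -v n="$PKI_NAME" -v u="$PKI_ID" '$3 == u && $1 != n { print $1; exit }' "$passwd")
    if [ -z "$ggid" ]; then echo "group-missing"; rc=1
    elif [ "$ggid" != "$PKI_ID" ]; then echo "group-gid-mismatch:$ggid"; rc=1
    fi
    if [ -z "$urec" ]; then echo "user-missing"; rc=1
    else
        uid=${urec%%:*}; gid=${urec##*:}
        if [ "$uid" != "$PKI_ID" ]; then echo "user-uid-mismatch:$uid"; rc=1; fi
        if [ "$gid" != "$PKI_ID" ]; then echo "user-gid-mismatch:$gid"; rc=1; fi
    fi
    if [ -n "$squat" ]; then echo "uid-taken-by:$squat"; rc=1; fi
    if [ "$rc" -eq 0 ]; then echo "ok"; fi
    return "$rc"
}

# make_sample_root DIR KIND: write constructed passwd/group files.
#   vanilla = no pkiuser (the state this ticket reports)
#   fixed   = pkiuser with uid/gid 17;  drifted = dynamically allocated ids
make_sample_root() {
    mkdir -p "$1/etc"
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$1/etc/passwd"
    printf 'root:x:0:\n' > "$1/etc/group"
    case "$2" in
        fixed)   id=17 ;;
        drifted) id=994 ;;
        *)       return 0 ;;
    esac
    printf 'pkiuser:x:%s:%s:sample:/nonexistent:/sbin/nologin\n' "$id" "$id" >> "$1/etc/passwd"
    printf 'pkiuser:x:%s:\n' "$id" >> "$1/etc/group"
}

d=$(mktemp -d)   # demo run over the three constructed roots
for kind in vanilla drifted fixed; do
    make_sample_root "$d/$kind" "$kind"
    echo "$kind: $(check_pki_account "$d/$kind" | tr '\n' ' ')"
done
rm -rf "$d"
```

Pass the mount point of an image or volume as ROOT to run the same check against real files.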

Per CS/DS meeting of 07/13/2015: 10.2.6

Cheimes' fix for this bug was checked into 'master':

commit 417adee8bc0607ccf43f1dd80fc08b870088937b
Author: Christian Heimes <cheimes@redhat.com>
Date:   Wed Jul 15 21:49:16 2015 +0200

    Create pkiuser user and group during installation

    The group 'pkiuser' and user 'pkiuser' are now created during the
    installation of the pki-server package.

    https://fedorahosted.org/pki/ticket/1468

Metadata Update from @mharmsen:
- Issue assigned to cheimes
- Issue set to the milestone: 10.2.6

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2027

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on the Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.
