Many thanks for both explanations.
It seems the situation was even worse:
[slaanesh@3zpc0560 ~]$ cat /usr/share/doc/setup-2.8.36/uidgid | grep bacula
bacula 133 133 /var/spool/bacula /sbin/nologin bacula
So the situation was as follows:
- "fedora-usermgmt" created 333 (300+33) as fixed uid.
- No deletion of userdir with fixed uid.
- "setup" contains 133 as fixed uid.
- EPEL dependency on all packages to have 333 as fixed uid.
So basically I'm just triggering a rebuild of the current package but
changing the uid from 33 to 133 in the specfile.
No EPEL dependency, stati uid already allocated in "setup", etc.
On 20 December 2011 13:23, Ondrej Vasik <firstname.lastname@example.org> wrote:
> On Tue, 2011-12-20 at 12:59 +0100, Michael Schwendt wrote:
>> On Tue, 20 Dec 2011 12:24:21 +0100, SC (Simone) wrote:
>> > Hello,
>> > can you please explain that a bit further? I don't think I understand,
>> > I see this reference at
>> > http://fedoraproject.org/wiki/PackageUserCreation:
>> You've quoted the relevant part. Here:
>> > Another solution might be semi-static UIDs, which are relative to a
>> > system-wide value and unique for the entire Fedora Project. The
>> > current (experimental) implementation uses the file
>> > /etc/fedora/usermgmt/baseuid to configure the value to which the
>> > relative UID would be added. As an example, when
>> > /etc/fedora/usermgmt/baseuid contains "30000", the user 'joe', with
>> > the semi-static UID 23, will get the final UID 30023 (30000+23)."
> Yep, and that's what the bacula is working with - Simone mentioned
> http://fedoraproject.org/wiki/PackageUserRegistry - which was created
> for this experimental implementation based on baseuid - and 33 is
> reserved there for bacula user/group . But this reservation is not for
> 33:33 uidgid pair, but for baseuid+33:baseuid+33 uidgid pair (and
> fedora-useradd or %fedora_useradd macro should be used for it instead of
> shadow-utils /usr/sbin/useradd )
>> So, if you drop using fedora-usermgmt, you cannot keep the relative (!)
>> uid 33 that has been registered for it. 33 is "amandabackup":
>> * $ rpm -qd setup
>> * /usr/share/doc/setup-2.8.36/COPYING
>> * /usr/share/doc/setup-2.8.36/uidgid * * * * * <-- (!)
>> Package "setup"'s %changelog mentions a lot of activity related to reserving
>> system uids/gids.
> Yep, that's right, 33 is reserved for amandabackup user ...
> Please note that threshold of 200 is now used for statically allocated
> ID's (that's respected in useradd (shadow-utils) - shadow-utils changed
> its dynamic user creation, so now it goes downwards. This change was
> done in ~F11 and no issues with it were reported so far.
>> > The file /etc/fedora/usermgmt/baseuid contains 300, so I'm guessing
>> > the correct setup for Bacula would be to set 333 as the uid/gid. Is
>> > that correct?
>> You would first need to have uid 333 registered/reserveed as a fixed uid.
> I don't think that this is a good idea - you either should have static
> ID (network/virtual machines facing, storing sensitive data) or dynamic
> system user creation should be ok for you.
>> > The previous version used fedora-usermgmt (so uid 333) but did not
>> > remove the user and directory;
>> Well, then it isn't following the guidelines, which mention the userdel
>> > that is pointless anyway because you
>> > don't remove the directory only if you have it dynamic.
>> However, if the directory contains files created at run-time, the package
>> should not "rm -rf" those files when uninstalling, so it could remove the
>> empty dir.
> * * * * Ondrej Vasik
> packaging mailing list
You cannot discover new oceans unless you have the courage to lose
sight of the shore (R. W. Emerson).
packaging mailing list