FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Packaging

 
 
LinkBack Thread Tools
 
Old 12-20-2011, 11:26 AM
Simone Caronni
 
Default fedora-usermgmt

Many thanks for both explanations.

It seems the situation was even worse:

[slaanesh@3zpc0560 ~]$ cat /usr/share/doc/setup-2.8.36/uidgid | grep bacula
bacula 133 133 /var/spool/bacula /sbin/nologin bacula

So the situation was as follows:
- "fedora-usermgmt" created 333 (300+33) as fixed uid.
- No deletion of userdir with fixed uid.
- "setup" contains 133 as fixed uid.
- EPEL dependency on all packages to have 333 as fixed uid.

So basically I'm just triggering a rebuild of the current package but
changing the uid from 33 to 133 in the specfile.

No EPEL dependency, stati uid already allocated in "setup", etc.

Regards,
--Simone




On 20 December 2011 13:23, Ondrej Vasik <ovasik@redhat.com> wrote:
> On Tue, 2011-12-20 at 12:59 +0100, Michael Schwendt wrote:
>> On Tue, 20 Dec 2011 12:24:21 +0100, SC (Simone) wrote:
>>
>> > Hello,
>> >
>> > can you please explain that a bit further? I don't think I understand,
>> > I see this reference at
>> > http://fedoraproject.org/wiki/PackageUserCreation:
>>
>> You've quoted the relevant part. Here:
>>
>> > Another solution might be semi-static UIDs, which are relative to a
>> > system-wide value and unique for the entire Fedora Project. The
>> > current (experimental) implementation uses the file
>> > /etc/fedora/usermgmt/baseuid to configure the value to which the
>> > relative UID would be added. As an example, when
>> > /etc/fedora/usermgmt/baseuid contains "30000", the user 'joe', with
>> > the semi-static UID 23, will get the final UID 30023 (30000+23)."
>
> Yep, and that's what the bacula is working with - Simone mentioned
> http://fedoraproject.org/wiki/PackageUserRegistry - which was created
> for this experimental implementation based on baseuid - and 33 is
> reserved there for bacula user/group . But this reservation is not for
> 33:33 uidgid pair, but for baseuid+33:baseuid+33 uidgid pair (and
> fedora-useradd or %fedora_useradd macro should be used for it instead of
> shadow-utils /usr/sbin/useradd )
>
>> So, if you drop using fedora-usermgmt, you cannot keep the relative (!)
>> uid 33 that has been registered for it. 33 is "amandabackup":
>>
>> * $ rpm -qd setup
>> * /usr/share/doc/setup-2.8.36/COPYING
>> * /usr/share/doc/setup-2.8.36/uidgid * * * * * <-- (!)
>>
>> Package "setup"'s %changelog mentions a lot of activity related to reserving
>> system uids/gids.
>
> Yep, that's right, 33 is reserved for amandabackup user ...
> Please note that threshold of 200 is now used for statically allocated
> ID's (that's respected in useradd (shadow-utils) - shadow-utils changed
> its dynamic user creation, so now it goes downwards. This change was
> done in ~F11 and no issues with it were reported so far.
>
>> > The file /etc/fedora/usermgmt/baseuid contains 300, so I'm guessing
>> > the correct setup for Bacula would be to set 333 as the uid/gid. Is
>> > that correct?
>>
>> You would first need to have uid 333 registered/reserveed as a fixed uid.
>
> I don't think that this is a good idea - you either should have static
> ID (network/virtual machines facing, storing sensitive data) or dynamic
> system user creation should be ok for you.
>
>> > The previous version used fedora-usermgmt (so uid 333) but did not
>> > remove the user and directory;
>>
>> Well, then it isn't following the guidelines, which mention the userdel
>> scriptlets.
>>
>> > that is pointless anyway because you
>> > don't remove the directory only if you have it dynamic.
>>
>> However, if the directory contains files created at run-time, the package
>> should not "rm -rf" those files when uninstalling, so it could remove the
>> empty dir.
>> --
>
> Greetings,
> * * * * Ondrej Vasik
>
> --
> packaging mailing list
> packaging@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/packaging



--
You cannot discover new oceans unless you have the courage to lose
sight of the shore (R. W. Emerson).
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 
Old 12-20-2011, 12:05 PM
Michael Schwendt
 
Default fedora-usermgmt

On Tue, 20 Dec 2011 13:23:57 +0100, OV (Ondrej) wrote:

> > > The file /etc/fedora/usermgmt/baseuid contains 300, so I'm guessing
> > > the correct setup for Bacula would be to set 333 as the uid/gid. Is
> > > that correct?
> >
> > You would first need to have uid 333 registered/reserveed as a fixed uid.
>
> I don't think that this is a good idea - you either should have static
> ID (network/virtual machines facing, storing sensitive data) or dynamic
> system user creation should be ok for you.

But it has been reserved already.

$ grep -i bacu /usr/share/doc/setup-2.8.36/uidgid
bacula 133 133 /var/spool/bacula /sbin/nologin bacula

* Tue Jan 12 2010 Ondrej Vasik <ovasik redhat com> 2.8.14-1
- reserve uidgid pair 133:133 for bacula(#554705)

That ticket cannot be displayed, unfortunately, so I can't learn about
the details why 133 has been chosen.
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 
Old 12-20-2011, 12:08 PM
Simone Caronni
 
Default fedora-usermgmt

That's it, thanks, I already changed that in rawhide as per previous mail.

Regards,
--Simone


On 20 December 2011 14:05, Michael Schwendt <mschwendt@gmail.com> wrote:
> On Tue, 20 Dec 2011 13:23:57 +0100, OV (Ondrej) wrote:
>
>> > > The file /etc/fedora/usermgmt/baseuid contains 300, so I'm guessing
>> > > the correct setup for Bacula would be to set 333 as the uid/gid. Is
>> > > that correct?
>> >
>> > You would first need to have uid 333 registered/reserveed as a fixed uid.
>>
>> I don't think that this is a good idea - you either should have static
>> ID (network/virtual machines facing, storing sensitive data) or dynamic
>> system user creation should be ok for you.
>
> But it has been reserved already.
>
> $ grep -i bacu */usr/share/doc/setup-2.8.36/uidgid
> bacula *133 * * 133 * * /var/spool/bacula * * * * * * * /sbin/nologin * bacula
>
> * Tue Jan 12 2010 Ondrej Vasik <ovasik redhat com> 2.8.14-1
> - reserve uidgid pair 133:133 for bacula(#554705)
>
> That ticket cannot be displayed, unfortunately, so I can't learn about
> the details why 133 has been chosen.
> --
> packaging mailing list
> packaging@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/packaging



--
You cannot discover new oceans unless you have the courage to lose
sight of the shore (R. W. Emerson).
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 

Thread Tools




All times are GMT. The time now is 08:21 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org