#48285 The dirsrv user/group should be created in rpm %pre, and ideally with fixed uid/gid
Closed: Fixed None Opened 4 years ago by nhosoi.

Description of problem:

The dirsrv user/group is only created when ipa-server-install is run. That
makes it hard to move IPA's data from container to a data volume as in vanilla
container the records won't be there and the directory server will refuse to
start: Unknown user 'dirsrv'.

And if we do this, we could just as well hardcode some reasonable uid. For
example, httpd does

{{{
/usr/sbin/useradd -c "Apache" -u 48 \
        -s /sbin/nologin -r -d /usr/share/httpd apache 2> /dev/null || :
}}}

For dirsrv user, uid 389 could be used (but we'd need to verify if it's not
used by someone else).

Version-Release number of selected component (if applicable):

389-ds-base-1.3.1.6-26.el7_0.x86_64

How reproducible:

Deterministic.

Steps to Reproduce:
1. Install 389-ds-base.
2. Check /etc/group and /etc/passwd for dirsrv.

Actual results:

It's not there.

Expected results:

It should be there.

Additional info:

{{{
rpm -i 389-ds-base...

egrep dirsrv /etc/passwd /etc/group
/etc/passwd:dirsrv:x:389:389:389-ds-base:/usr/share/dirsrv:/sbin/nologin
/etc/group:dirsrv:x:389:

setup-ds.pl ...

ps -ef | egrep ns-slapd
dirsrv 14379 1 2 17:00 ? 00:00:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-test -i /var/run/dirsrv/slapd-test.pid -w /var/run/dirsrv/slapd-test.startpid
}}}

Tested on my system, looks good.

Thanks, William. But I found an error case... :(
If the passwd/group has a string which contains "dirsrv" as a part, it does not work as expected...
{{{
/etc/passwd:xdirsrv:x:389:389:389-ds-base:/usr/share/dirsrv:/sbin/nologin
/etc/group:xdirsrv:x:389:
}}}

git patch file (master) -- revised (generated files are not included.)
0001-Ticket-48285-The-dirsrv-user-group-should-be-created.patch

If these users and groups exist on the system:
{{{
/etc/passwd:xdirsrv:x:389:389:389-ds-base:/usr/share/dirsrv:/sbin/nologin
/etc/passwd:dirsrvy:x:390:390:389-ds-base:/usr/share/dirsrv:/sbin/nologin
/etc/group:xdirsrv:x:389:
/etc/group:dirsrvy:x:390:
}}}
This pair is supposed to be generated:
{{{
/etc/passwd:dirsrv:x:391:391:389-ds-base:/usr/share/dirsrv:/sbin/nologin
/etc/group:dirsrv:x:391:
}}}
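
The case above (xdirsrv on 389, dirsrvy on 390, dirsrv expected on 391), as an added example that is not part of the ticket or the committed patch: it compares the name field exactly instead of matching a substring, then takes the first id from 389 upward that is free as both uid and gid. The function names are hypothetical and the script reads constructed copies of the passwd and group files; it only prints the pair that would be created.

```shell
# Added example: works on constructed copies of passwd/group, never on /etc.

# True when NAME is exactly the first field of a line in FILE.
name_exists() {  # usage: name_exists FILE NAME
    awk -F: -v n="$2" '$1 == n { found = 1 } END { exit !found }' "$1"
}

# True when ID is the numeric id (third field) of a line in FILE.
id_in_use() {  # usage: id_in_use FILE ID
    awk -F: -v i="$2" '$3 == i { found = 1 } END { exit !found }' "$1"
}

# Print the first id >= START that is free as both a uid and a gid.
pick_id() {  # usage: pick_id PASSWD GROUP START
    id=$3
    while id_in_use "$1" "$id" || id_in_use "$2" "$id"; do
        id=$((id + 1))
    done
    echo "$id"
}

# Print the pair that would be created for dirsrv, in the ticket's notation.
# Prints nothing if both exist; returns 2 if only one of the two exists.
plan_dirsrv() {  # usage: plan_dirsrv PASSWD GROUP
    u=0; g=0
    name_exists "$1" dirsrv && u=1
    name_exists "$2" dirsrv && g=1
    [ "$u$g" = 11 ] && return 0
    [ "$u$g" = 00 ] || { echo "dirsrv user/group half-created" >&2; return 2; }
    id=$(pick_id "$1" "$2" 389)
    echo "/etc/passwd:dirsrv:x:$id:$id:389-ds-base:/usr/share/dirsrv:/sbin/nologin"
    echo "/etc/group:dirsrv:x:$id:"
}

# Write the constructed sample from the ticket (xdirsrv=389, dirsrvy=390) to DIR.
make_sample() {  # usage: make_sample DIR
    printf '%s\n' 'xdirsrv:x:389:389:389-ds-base:/usr/share/dirsrv:/sbin/nologin' \
        'dirsrvy:x:390:390:389-ds-base:/usr/share/dirsrv:/sbin/nologin' > "$1/passwd"
    printf '%s\n' 'xdirsrv:x:389:' 'dirsrvy:x:390:' > "$1/group"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
plan_dirsrv "$demo_dir/passwd" "$demo_dir/group"
rm -rf "$demo_dir"
```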

Tested again with dirsrv, dirsrvx and xdirsrv already existing.

Reviewed by William (Thank you!!)

Pushed to master:
6f8c555..79aa178 master -> master
commit 44d47d5
commit 79aa178

Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.3.5.0

2 years ago
