#48285 The dirsrv user/group should be created in rpm %pre, and ideally with fixed uid/gid
Closed: wontfix None Opened 6 years ago by nhosoi.

Description of problem:

The dirsrv user/group is only created when ipa-server-install is run. That
makes it hard to move IPA's data from container to a data volume as in vanilla
container the records won't be there and the directory server will refuse to
start: Unknown user 'dirsrv'.

And if we do this, we could just as well hardcode some reasonable uid. For
example, httpd does

/usr/sbin/useradd -c "Apache" -u 48 \
        -s /sbin/nologin -r -d /usr/share/httpd apache 2> /dev/null || :

For dirsrv user, uid 389 could be used (but we'd need to verify if it's not
used by someone else).

Version-Release number of selected component (if applicable):

389-ds-base-1.3.1.6-26.el7_0.x86_64

How reproducible:

Deterministic.

Steps to Reproduce:
1. Install 389-ds-base.
2. Check /etc/group and /etc/passwd for dirsrv.

Actual results:

It's not there.

Expected results:

It should be there.

Additional info:

rpm -i 389-ds-base...

egrep dirsrv /etc/passwd /etc/group

/etc/passwd:dirsrv:x:389:389:389-ds-base:/usr/share/dirsrv:/sbin/nologin
/etc/group:dirsrv:x:389:

setup-ds.pl ...

ps -ef | egrep ns-slapd

dirsrv 14379 1 2 17:00 ? 00:00:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-test -i /var/run/dirsrv/slapd-test.pid -w /var/run/dirsrv/slapd-test.startpid

Tested on my system, looks good.

Thanks, William. But I found an error case... :(
If the passwd/group has a string which contains "dirsrv" as a part, it does not work as expected...
/etc/passwd:xdirsrv:x:389:389:389-ds-base:/usr/share/dirsrv:/sbin/nologin
/etc/group:xdirsrv:x:389:

git patch file (master) -- revised (generated files are not included.)
0001-Ticket-48285-The-dirsrv-user-group-should-be-created.patch

If these users and groups exist on the system:
{{{
/etc/passwd:xdirsrv:x:389:389:389-ds-base:/usr/share/dirsrv:/sbin/nologin
/etc/passwd:dirsrvy:x:390:390:389-ds-base:/usr/share/dirsrv:/sbin/nologin
/etc/group:xdirsrv:x:389:
/etc/group:dirsrvy:x:390:
}}}
This pair is supposed to be generated:
{{{
/etc/passwd:dirsrv:x:391:391:389-ds-base:/usr/share/dirsrv:/sbin/nologin
/etc/group:dirsrv:x:391:
}}}

Tested again with dirsrv, dirsrvx and xdirsrv already exsting.

Reviewed by William (Thank you!!)

Pushed to master:
6f8c555..79aa178 master -> master
commit 44d47d5
commit 79aa178

Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.3.5.0

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1616

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

a year ago

Login to comment on this ticket.

Metadata