Some of the SSSD services may be executed by an unprivileged "sssd" user. In order to do so, these services' unit files would have to receive a "--uid " and "--gid " argument (it would be done while packaging SSSD), and that would only be possible if the user ID and group ID are well defined.
The reason for using "--uid " and "--gid " instead of the user's name is to avoid calling getpwnam() during the service startup, causing a circular dependency on SSSD.
This is coming in very close to our meeting so I'm not sure if it will have a chance to be considered properly.
Nonetheless, this is the kind of thing that makes sense to me, since sssd will by default be handling all user lookups in the system, including things which previously would use the 'files' backend. So sssd really does have to know what UID it's going to end up with.
Metadata Update from @tibbs: - Issue tagged with: meeting
We discussed this at this week's meeting (http://meetbot.fedoraproject.org/fedora-meeting-1/2017-03-09/fpc.2017-03-09-17.00.txt):
Metadata Update from @james: - Issue untagged with: meeting
Metadata Update from @james: - Issue close_status updated to: accepted - Issue status updated to: Closed (was: Open)
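The reason the ticket gives for numeric "--uid"/"--gid" arguments can be shown in a short C sketch. This is an added example, not SSSD's code and not part of the ticket: a service started as root accepts only decimal IDs, so it never calls getpwnam() and never goes through NSS while starting. The function names `parse_id` and `drop_privileges` and the positional argument form are assumptions made for illustration.

```c
#include <errno.h>
#include <grp.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Parse a decimal ID. Names are rejected on purpose: resolving "sssd"
 * would need getpwnam(), i.e. NSS, i.e. the daemon being started. */
int parse_id(const char *s, unsigned long *out)
{
    char *end;
    unsigned long v;

    if (s == NULL || *s < '0' || *s > '9')
        return -1;                 /* empty, signed, or a name */
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0')
        return -1;                 /* overflow or trailing junk */
    if (v >= UINT32_MAX)
        return -1;                 /* (uid_t)-1 is reserved */
    *out = v;
    return 0;
}

/* Drop from root to the given IDs. Order matters: supplementary
 * groups first, then the GID, and the UID last. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0)
        return -1;                 /* root regained: drop did not hold */
    return 0;
}

int main(int argc, char **argv)
{
    unsigned long uid, gid;

    if (argc != 3 || parse_id(argv[1], &uid) || parse_id(argv[2], &gid)) {
        fprintf(stderr, "usage: %s <numeric-uid> <numeric-gid>\n", argv[0]);
        return 2;
    }
    if (drop_privileges((uid_t)uid, (gid_t)gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```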