The openvswitch upstream recently underwent changes to execute services as the non-root user 'openvswitch', with group 'hugetlbfs'. The openvswitch provides networking connectivity between physical network and virtual machines, and is able to manipulate and view traffic. I didn't see an existing user that seemed to fulfill this kind of role.
Sorry for not addressing this sooner.
I think I understand why a dynamic allocation doesn't work (it has to match between host and VMs) but that's something you need to tell us before we can make any kind of decision. There is a very limited pool from which we can make static allocations, so they need to be well-justified.
Metadata Update from @tibbs:
- Issue tagged with: meeting
We discussed this at this weeks meeting (http://meetbot.fedoraproject.org/fedora-meeting-1/2017-09-14/fpc.2017-09-14-16.00.txt):
We are concerned with the backup/restore use-case. An administrator deploys Fedora, install openvswitch package which creates dynamic UID/GID, then it keeps a backup (yes, some people do that :). Well, if something bad happens and the administrator has to re-deploy Fedora, the new openvswitch package might select another UID/GID which will be different from the files in his backup.
Is that situation OK from the fedora's committee perspective?
We discussed this at this weeks meeting (https://meetbot-raw.fedoraproject.org/fedora-meeting-2/2017-10-04/fpc.2017-10-04-17.00.txt:
Metadata Update from @james:
- Issue tagged with: needinfo
rsync doesn't know that, for instance. I believe many backup sofftware out there assume that you would be restoring data as-is. So, if you re-deploy system packages, one would expect the same UIDs.
@fbl Sorry, but that's not true. rsync does know that and restores ownership by user/group name by default. You actually have to add --numeric-ids if you want to go by uid/gid.
@rathann really? Because I had problems in past where I had to manually fix the uid/gids. Anyway, I'd be okay if you think it's not necessary.
No progress for 7 months, please reopen if you still think that we need to allocate uid/gid.
Metadata Update from @ignatenkobrain:
- Issue untagged with: meeting, needinfo
- Issue close_status updated to: nothingtodo
- Issue status updated to: Closed (was: Open)
to comment on this ticket.