Bug 1004090

Summary:	/var/yp/Makefile: MINUID=500 MINGID=500 should be MINUID=1000 MINGID=1000
Product:	[Fedora] Fedora	Reporter:	Edgar Hoch <edgar.hoch>
Component:	ypserv	Assignee:	Honza Horak <hhorak>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	low	Docs Contact:
Priority:	unspecified
Version:	19	CC:	hhorak
Target Milestone:	---	Keywords:	Reopened
Target Release:	---
Hardware:	Unspecified
OS:	Linux
Whiteboard:
Fixed In Version:	ypserv-2.31-5.fc19	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:
Clones:	1021329 (view as bug list)		Environment:
Last Closed:	2013-11-02 04:54:15 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Bug Depends On:
Bug Blocks:	1021329

Description Edgar Hoch 2013-09-03 22:28:00 UTC

Description of problem:
/var/yp/Makefile contains the following lines:

MINUID=500
MINGID=500

I think that MINUID and MINGID should match the values UID_MIN and GID_MIN in /etc/login.defs to be consistent and to not distribute uids and gids used by the linux system. So the lines above should be changed to

MINUID=1000
MINGID=1000


Version-Release number of selected component (if applicable):
ypserv-2.31-2.fc19.x86_64
shadow-utils-4.1.5.1-5.fc19.x86_64

How reproducible:
Always.

Additional info:
The file /var/yp/Makefile can be modified by administrators, so the change is not important. But I think the provided makefile is used as a template by many administrators, so it should use the correct vaules.

Comment 1 Honza Horak 2013-09-04 11:12:48 UTC

It seems to me like a valid request, but what would happen with upgraded systems that keep using UIDs 501+ and haven't changed /var/yp/Makefile? The Makefile would actually be updated and UIDs lower than 1000 won't be included in maps. This sounds like a big problem to me, so we can't blindly change MINUID and MINGID settings.

What we can do though is reading MINUID and MINGID from /etc/login.defs -- something like this:

--- Makefile	2013-05-10 12:26:09.000000000 +0200
+++ Makefile.new	2013-09-04 12:57:35.674750907 +0200
@@ -37,8 +37,8 @@ YPPUSH_ARGS =
 # the passwd file. If no entry is found, this shadow entry is
 # ignored.
 # MINGID is the lowest gid that will be included in the group maps.
-MINUID=500
-MINGID=500
+MINUID=$(shell TMP=`egrep '^UID_MIN\s+[0-9]+' /etc/login.defs|sed -e 's/^UID_MIN//'` ; [ -n "$$TMP" ] && echo "$$TMP" || echo 1000)
+MINGID=$(shell TMP=`egrep '^GID_MIN\s+[0-9]+' /etc/login.defs|sed -e 's/^GID_MIN//'` ; [ -n "$$TMP" ] && echo "$$TMP" || echo 1000)
 
 # Don't export this uid/guid (nfsnobody).
 # Set to 0 if you want to

Comment 2 Fedora Update System 2013-09-04 12:07:26 UTC

ypserv-2.31-5.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/ypserv-2.31-5.fc20

Comment 3 Edgar Hoch 2013-09-04 12:14:08 UTC

Files in /var/yp/ are declared as noreplace config files in the spec file, so I think update and upgrade (?) should be no problem, because the old Makefile remains unchanged. From the spec file:

%config(noreplace) /var/yp/*

Comment 4 Honza Horak 2013-09-04 12:47:41 UTC

This is not true actually, config(noreplace) files *are* replaced if they weren't touched by user:
http://www-uxsup.csx.cam.ac.uk/~jw35/docs/rpm_config.html

If they were touched, a new *.rpmnew file is created instead.

Comment 5 Edgar Hoch 2013-09-04 14:07:49 UTC

Thanks for the explanation of config(noreplace). I think your solution to search for the default values in /etc/login.defs is a good solution.

Comment 6 Fedora Update System 2013-09-04 16:05:53 UTC

Package ypserv-2.31-5.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing ypserv-2.31-5.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-15735/ypserv-2.31-5.fc20
then log in and leave karma (feedback).

Comment 7 Fedora Update System 2013-09-23 00:46:02 UTC

ypserv-2.31-5.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2013-10-21 06:20:13 UTC

ypserv-2.31-5.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/ypserv-2.31-5.fc19

Comment 9 Fedora Update System 2013-10-22 05:02:59 UTC

Package ypserv-2.31-5.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing ypserv-2.31-5.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-19665/ypserv-2.31-5.fc19
then log in and leave karma (feedback).

Comment 10 Fedora Update System 2013-11-02 04:54:15 UTC

ypserv-2.31-5.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.