Bug 1145981

Summary: Provide utility or macro to add users/groups in %pre of other packages, observing uidgid too
Product: [Fedora] Fedora Reporter: Jan Pazdziora <jpazdziora>
Component: shadow-utilsAssignee: Tomas Mraz <tmraz>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: fweimer, james.hogarth, jberan, jhrozek, jpazdziora, jpokorny, pvrabec, tmraz
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-12-20 15:31:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1213404    

Description Jan Pazdziora 2014-09-24 08:46:25 UTC 
Description of problem:

Currently, packages that need to create uid/gid are supposed to run useradd/groupadd manually, and for pre-allocated uids/gids even with a bit more complex logic:

https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation

(The version as of the time of filing this bugzilla is
https://fedoraproject.org/w/index.php?title=Packaging:UsersAndGroups&oldid=331685#Soft_static_allocation).

It would be good to provide utility which would do this automatically, using values from /usr/share/doc/setup/uidgid (that probably should no longer be %doc but real data file), avoiding the need of hardcoding the uid/gid in all packages that feel they need the user.

Or it could be an rpm macro.

Then the guidelines could be changed to recommend to just call this one utility / macro -- something like

   %pre
   ensure-user-exists apache

or

   %pre
   %ensure-user-exists apache

and packages changed to just do this.

Even better, rpm could this automatically when it would detect files owned by user that does not exist but is defined in uidgid.

Additional benefit would be should the local users start to live somewhere else than in /etc/passwd one day -- possibly in local sssd database. Then this single utility would need to be changed to add the feature or enhance it, rather than multiple .spec files.

Version-Release number of selected component (if applicable):

shadow-utils-4.1.5.1-8.fc20.x86_64
and Packaging:UsersAndGroups as of today

How reproducible:

Deterministic.

Steps to Reproduce:
1. Try to ensure user exists for your packages (bug 1143067 or bug 1143067).
2. Read the Packaging:UsersAndGroups.
3. Wonder if this is the easiest way to do it.

Actual results:

It's not that easy.

Expected results:

It's very easy.

Additional info:
Comment 1 Jan Pazdziora 2014-09-24 08:51:25 UTC 
A good partial step could be for useradd/groupadd with -r and without -u/-g to observe uidgid and use those values if no clashing record yet exists, instead of going down from 999. That would also lead to gradual consolidation of installations to use the pre-allocated uids/gids.
Comment 2 Jan Pazdziora 2014-09-24 08:52:17 UTC 
(In reply to Jan Pazdziora from comment #0)
> 1. Try to ensure user exists for your packages (bug 1143067 or bug 1143067).

I meant to write bug 1143066 or bug 1143067 here.
Comment 3 Fedora End Of Life 2015-05-29 12:57:11 UTC 
This message is a reminder that Fedora 20 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 20. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '20'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 20 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 4 Tomas Mraz 2018-12-20 15:31:45 UTC 
I am sorry, we are not going to pursue this RFE at this point. Pagure PRs are always welcome.