Bug 1331422

Summary: UID for geoclue user
Product: Red Hat Enterprise Linux 7 Reporter: Zeeshan Ali <zeenix>
Component: setupAssignee: Ondrej Vasik <ovasik>
Status: CLOSED NOTABUG QA Contact: qe-baseos-daemons
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: mclasen, zeenix
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-13 16:08:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Zeeshan Ali 2016-04-28 13:33:13 UTC 
I created a new build of geoclue2 for bug#1285479 and seems RPMDiff tool all of a sudden doesn't like my package to be creating 'geoclue' account without specifying a particular UID. The documentation about the error:

https://docs.engineering.redhat.com/display/HTD/rpmdiff-rpm-scripts-and-triggers

says that we should be doing this through 'setup' package, hence I'm filling this bug to try to resolve the issue.

The user in question is the account used for running geoclue2 system service and hence handles user's location and also sends out nearby wifi networks data to mozilla location services, hence I chose not to ignore this error, as per the guideline in documentation.
Comment 2 Ondrej Vasik 2016-04-29 04:25:18 UTC 
Thanks for report and not ignoring the rpmdiff error, however rpmdiff is a bit overaggressive about this static uid/gid suggestion for system accounts. Nowadays, I'm no longer allowed to assign static id myself. It has to be handled through fpc - see https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation - they require justification why static id is preferred over dynamic one.

From the brief description, it looks like dynamic system id should be ok in this case, but maybe I miss how can different uid/gid for this service across systems influence its security and functionality.

Please add the link to the fpc ticket into this bugzilla, if you decide to file fpc ticket. If you decide to not do so, please close this bugzilla notabug. Thanks in advance.
Comment 3 Zeeshan Ali 2016-05-13 16:08:28 UTC 
(In reply to Ondrej Vasik from comment #2)
> Thanks for report and not ignoring the rpmdiff error, however rpmdiff is a
> bit overaggressive about this static uid/gid suggestion for system accounts.
> Nowadays, I'm no longer allowed to assign static id myself. It has to be
> handled through fpc - see
> https://fedoraproject.org/wiki/Packaging:
> UsersAndGroups#Soft_static_allocation - they require justification why
> static id is preferred over dynamic one.
> 
> From the brief description, it looks like dynamic system id should be ok in
> this case, but maybe I miss how can different uid/gid for this service
> across systems influence its security and functionality.
>
> Please add the link to the fpc ticket into this bugzilla, if you decide to
> file fpc ticket. If you decide to not do so, please close this bugzilla
> notabug. Thanks in advance.

Sorry for late reply. If you think it's OK in this case to use dynamic ID, I'm fine with it too. :) Thanks.