Bug 1388967

Summary: networking/dovecot - changed default first_valid_uid since rhel-7.3
Product: Red Hat Enterprise Linux 6 Reporter: Petr Stodulka <pstodulk>
Component: preupgrade-assistant-el6toel7Assignee: Jakub Mazanek <jmazanek>
Status: CLOSED ERRATA QA Contact: Alois Mahdal <amahdal>
Severity: medium Docs Contact: Lenka Špačková <lkuprova>
Priority: unspecified    
Version: 6.9CC: jhornice, jmazanek, msvistun, ovasik, redhat-bugzilla
Target Milestone: rcKeywords: Extras
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: preupgrade-assistant-el6toel7-0.7.1-1.el6 Doc Type: Release Note
Doc Text:
Users with any UID are now able to log in after the update to RHEL 7 Since Red Hat Enterprise Linux 7.3, the default value of the "first_valid_uid" configuration option of Dovecot changed from "500" in Red Hat Enterprise Linux 6 to "1000" in Red Hat Enterprise Linux 7. Consequently, if a Red Hat Enterprise Linux 6 installation did not have "first_valid_uid" explicitly defined, the Dovecot configuration did not allow users with UID less than "1000" to log in after the update to Red Hat Enterprise Linux 7. Note that only installations where "first_valid_uid" was not explicitly defined were affected. This problem has been addressed by the post-upgrade script, which now changes the "first_valid_uid" value from "1000" to the original value on the source system. As a result, users with any UID are able to log in after the update to Red Hat Enterprise Linux 7.
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-11-14 20:40:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1429926    

Description Petr Stodulka 2016-10-26 15:12:11 UTC
Description of problem:
Since RHEL-7.3, dovecot-2.2.10-7 changed default value first_valid_uid
from 500 to 1000, because of regular users on rhel-7 start at UID 1000.
See bug #1280433

We currently inform users about different ranges for system,reserved and reg.
users on rhel-7 according to ranges on rhel-6. However, this is another change
and as I remember, we don't move users to different UIDs - as this is
completely in hands of admins now.

So after upgrade to rhel-7, dovecot will not be usable for all users with lower UID then used first_valid_uid.

Known issue:
For bug #1280433 will be created known issue, which will include upgrades from rhel-6 too.


Expected solution:
* in case the first_valid_uid is set, we don't have to do anything, but we could print log_info probably that the default value is changed - just for theirs info

* in case the first_valid_uid is not set:
  - should print slight risk or info,
  - exit status will be fixed or failed (it depends on another already created checks of the module, important part is, that exit will not be passed),
  - the postupgrade script will set "first_valid_uid=500" inside
    /etc/dovecot/conf.d/10-mail.conf

Comment 1 Petr Stodulka 2016-10-26 15:15:12 UTC
And of course, a info in solution text will be added.

Comment 2 Alois Mahdal 2016-12-06 16:50:40 UTC
For QA: Talk to jmazanek about exact details of the change.

Comment 11 Alois Mahdal 2017-11-11 01:54:49 UTC
Test passed with new build.

Comment 13 errata-xmlrpc 2017-11-14 20:40:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3212