Bug 1463902

Summary: Missing home directory for saslauth and qdrouterd
Product: Red Hat Satellite Reporter: Anand Agrawal <aagrawal>
Component: DocumentationAssignee: Julie <juwu>
Status: CLOSED CURRENTRELEASE QA Contact: Russell Dickenson <rdickens>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2.9CC: jjelen, juwu, plautrba, pmoravec, tross
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-10-02 22:57:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Anand Agrawal 2017-06-22 04:34:15 UTC 
Document URL: 
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html-single/architecture_guide/#chap-Documentation-Architecture_Guide-Required_Technical_Users

Section Number and Name: 
APPENDIX A. TECHNICAL USERS PROVIDED AND REQUIRED BY SATELLITE

Table A.1. Technical Users Provided and Required by Satellite

Describe the issue: 

In the doc,  it is listed information for saslauth as
saslauth     76      yes     /run/saslauthd    /sbin/nologin

but when checking, the home directory does not exist

user 'saslauth': directory '/run/saslauthd' does not exist
user 'qdrouterd': directory '/var/lib/qdrouterd' does not exist
Suggestions for improvement: 

Additional information:
Comment 1 Pavel Moravec 2017-09-22 07:09:51 UTC 
Neither qdrouterd or sasluser requires to have a home directory, both relevant packages (that causes creating of the users) works perfectly without the home directories.

Where that /etc/password comes from?

# rpm -q --scripts cyrus-sasl
preinstall scriptlet (using /bin/sh):
getent group saslauth >/dev/null || groupadd -g 76 -r saslauth
getent passwd saslauth >/dev/null || useradd -r -g saslauth -d /run/saslauthd -s /sbin/nologin -c "Saslauthd user" saslauth
postinstall scriptlet (using /bin/sh):
..

# rpm -q --scripts qpid-dispatch-router
preinstall scriptlet (using /bin/sh):
getent group qdrouterd >/dev/null || groupadd -r qdrouterd
getent passwd qdrouterd >/dev/null || \
  useradd -r -M -g qdrouterd -d /var/lib/qdrouterd -s /sbin/nologin \
    -c "Owner of Qdrouterd Daemons" qdrouterd
exit 0
postinstall scriptlet (using /bin/sh):
..
#


useradd would have to use option -m to create the home dirs, but it isnt used there.

Ted, any reason why qpid-dispatch-router creates the users with home dirs that are not created? Is there a reason for the home dirs at all?
Comment 2 Pavel Moravec 2017-09-22 07:11:05 UTC 
Petre,

any reason why cyrus-sasl creates the user with home dir that is not created? Is there a reason for the home dir at all? (see previous comment)
Comment 3 Petr Lautrbach 2017-09-22 11:03:05 UTC 
/run/saslauthd directory is created by systemd when saslauthd.service is started - see 'RuntimeDirectory=saslauthd'

^_^ cat /usr/lib/systemd/system/saslauthd.service
[Unit]
Description=SASL authentication daemon.

[Service]
Type=forking
PIDFile=/run/saslauthd/saslauthd.pid
EnvironmentFile=/etc/sysconfig/saslauthd
ExecStart=/usr/sbin/saslauthd -m $SOCKETDIR -a $MECH $FLAGS
RuntimeDirectory=saslauthd

[Install]
WantedBy=multi-user.target


This change was made to make easier running saslauthd as non-root user, see https://bugzilla.redhat.com/show_bug.cgi?id=1188065
Comment 4 Ted Ross 2017-09-22 13:42:56 UTC 
(In reply to Pavel Moravec from comment #1)
> Neither qdrouterd or sasluser requires to have a home directory, both
> relevant packages (that causes creating of the users) works perfectly
> without the home directories.
> 
> Where that /etc/password comes from?
> 
> # rpm -q --scripts cyrus-sasl
> preinstall scriptlet (using /bin/sh):
> getent group saslauth >/dev/null || groupadd -g 76 -r saslauth
> getent passwd saslauth >/dev/null || useradd -r -g saslauth -d
> /run/saslauthd -s /sbin/nologin -c "Saslauthd user" saslauth
> postinstall scriptlet (using /bin/sh):
> ..
> 
> # rpm -q --scripts qpid-dispatch-router
> preinstall scriptlet (using /bin/sh):
> getent group qdrouterd >/dev/null || groupadd -r qdrouterd
> getent passwd qdrouterd >/dev/null || \
>   useradd -r -M -g qdrouterd -d /var/lib/qdrouterd -s /sbin/nologin \
>     -c "Owner of Qdrouterd Daemons" qdrouterd
> exit 0
> postinstall scriptlet (using /bin/sh):
> ..
> #
> 
> 
> useradd would have to use option -m to create the home dirs, but it isnt
> used there.
> 
> Ted, any reason why qpid-dispatch-router creates the users with home dirs
> that are not created? Is there a reason for the home dirs at all?

There is no need for home directories for these users.  The users are simply added so there is a user other than root for the running processes.  As far as I know, this is normal configuration for RPMs.
Comment 11 Julie 2017-10-02 22:57:42 UTC 
Documentation Link:
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html-single/architecture_guide/#chap-Documentation-Architecture_Guide-Required_Technical_Users