Bug 2014037

Summary: There is a new login account in satellite 6.9
Product: Red Hat Satellite Reporter: guliu
Component: InstallationAssignee: Ewoud Kohl van Wijngaarden <ekohlvan>
Status: CLOSED ERRATA QA Contact: Omkar Khatavkar <okhatavk>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.9.0CC: ahumbe, ehelms, ekohlvan, gpadholi, ngalvin, pcreech, pmendezh, tasander, ttereshc, zhunting
Target Milestone: 6.11.0Keywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: foreman-installer-3.1.2-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-07-05 14:30:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description guliu 2021-10-14 10:50:39 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. In satellite 6.9
# rpm -qa|grep satellite
ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch
tfm-rubygem-foreman_theme_satellite-7.0.1.7-1.el7sat.noarch
satellite-common-6.9.6-1.el7sat.noarch
satellite-installer-6.9.0.11-1.el7sat.noarch
satellite-cli-6.9.6-1.el7sat.noarch
satellite-maintain-0.0.1-1.el7sat.noarch
satellite-6.9.6-1.el7sat.noarch

2. There is new account pulp

# grep pulp /etc/passwd
pulp:x:1000:1000::/var/lib/pulp:/bin/bash

3.

Actual results:


Expected results:

whether change to "/sbin/nologin" for shell field

Additional info:
Comment 1 Ewoud Kohl van Wijngaarden 2021-10-18 09:26:32 UTC 
We should also look at making it a system user. I think the biggest challenge with this is upgrading existing installations.
Comment 4 Ewoud Kohl van Wijngaarden 2021-10-21 16:49:43 UTC 
Created redmine issue https://projects.theforeman.org/issues/33765 from this bug
Comment 5 Bryan Kearney 2021-11-04 13:51:39 UTC 
Upstream bug assigned to ekohlvan
Comment 6 Bryan Kearney 2021-11-04 13:51:40 UTC 
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/33765 has been resolved.
Comment 8 Omkar Khatavkar 2022-02-02 14:27:35 UTC 
[root@satellite ~]# grep pulp /etc/passwd
pulp:x:988:1000::/var/lib/pulp:/sbin/nologin
Comment 9 Omkar Khatavkar 2022-02-02 14:28:07 UTC 
verified on Satellite 7 and snap7 works well
Comment 10 Ewoud Kohl van Wijngaarden 2022-02-02 14:37:22 UTC 
(In reply to Omkar Khatavkar from comment #8)
> [root@satellite ~]# grep pulp /etc/passwd
> pulp:x:988:1000::/var/lib/pulp:/sbin/nologin

It is interesting to see the group id is still 1000 while I would expect < 1000. I think I forgot to mark the group as a system group. That technically wasn't part of this BZ but I consider it the same. Should we fail QA on this?
Comment 11 Ewoud Kohl van Wijngaarden 2022-02-02 14:53:50 UTC 
I decided that this is a good thing regardless of this BZ so I opened https://projects.theforeman.org/issues/34379 and https://github.com/theforeman/puppet-pulpcore/pull/244.
Comment 12 Omkar Khatavkar 2022-02-03 06:35:14 UTC 
@ekohlvan Thanks for noticing that I will Fail this and wait for that change to be placed in ONQA.
Comment 13 Ewoud Kohl van Wijngaarden 2022-02-07 13:35:58 UTC 
Clearing Fixed in since it doesn't fix it completely.
Comment 14 Omkar Khatavkar 2022-03-22 08:35:55 UTC 
# grep pulp /etc/passwd
pulp:x:988:986::/var/lib/pulp:/sbin/nologin

Working as expected the permissions are removed from 1000 to 988 and 986. Verified in Satellite 6.11 snap 14
Comment 17 errata-xmlrpc 2022-07-05 14:30:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Satellite 6.11 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5498