Bug 491899
| Summary: | please assign a uid and gid for 'nslcd' | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nalin Dahyabhai <nalin> |
| Component: | setup | Assignee: | Ondrej Vasik <ovasik> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | | |
| Version: | rawhide | CC: | ovasik, pknirsch |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | setup-2.8.2-2.fc11 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2009-03-25 13:46:12 UTC | Type: | --- |
Description
Nalin Dahyabhai
2009-03-24 15:28:28 UTC
This pair is not available, uid 64 already reserved by user condor, gid 31 already reserved by group console. What do you think about sharing gid with some existing group - e.g. group 55 (ldap) and share it with open-ldap? Reserved uid could be separate - there is plenty of free uid's left (e.g. 63). I checked available gid's and the only free is 16 (uidgid pair in fact available, 16/16

That's probably okay -- nothing the daemon accesses needs to be group-readable or -writable, it just needs to be part of _some_ group. My only concern would be for other packages which use the group for access control. For example slapd's configuration file is group-readable, and its contents would be readable from inside of nslcd should it be compromised somehow. But hey, it's better than nothing.

Will ask openldap maintainer tomorrow if such group sharing is suitable for him (I guess those packages are quite close to share group). If so, will assign uid 63 for "nslcd" user and you will add nss-ldap package to reservation of gid 55 "ldap" group.

Ok, consulted with open-ldap guys, they are generally ok with that group sharing. Added following reservation record to uidgid file (as I have seen you have chosen uid 65 in spec):

    username  uid  gid   home  shell          package
    nslcd     65   (55)  /     /sbin/nologin  nslcd

Note: group 55 should be created as ldap to prevent troubles for open-ldap.

Built as setup-2.8.2-2.fc11, closing RAWHIDE.
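Added example, not part of the bug thread or of the setup package: the concern raised above, that files such as slapd's group-readable configuration become readable from inside nslcd once it shares the ldap group, can be measured before a gid is shared. The function name `group_exposure` and the directories in the usage comment are assumptions chosen for illustration.

```shell
#!/bin/sh
# group_exposure GROUP DIR...
#
# Lists what an account gains purely by joining GROUP: files owned by that
# group whose group permission bits grant access that the "other" bits do
# not. World-readable or world-writable files are skipped, because every
# account already has that access without the group.
#
# GROUP may be a group name or a numeric gid (find -group accepts both).
# Usage (assumed directories): group_exposure ldap /etc /var
group_exposure() {
    grp=$1
    shift

    # Read exposure: group-read (040) set, other-read (004) clear.
    find "$@" -xdev -group "$grp" -perm -040 ! -perm -004 -print |
        sed 's/^/read  /'

    # Write exposure: group-write (020) set, other-write (002) clear.
    find "$@" -xdev -group "$grp" -perm -020 ! -perm -002 -print |
        sed 's/^/write /'
}
```

An empty result for the directories a daemon can reach means the shared gid grants it nothing beyond what any local account already has.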