Bug 1004090 - /var/yp/Makefile: MINUID=500 MINGID=500 should be MINUID=1000 MINGID=1000
/var/yp/Makefile: MINUID=500 MINGID=500 should be MINUID=1000 MINGID=1000
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: ypserv (Show other bugs)
19
Unspecified Linux
unspecified Severity low
: ---
: ---
Assigned To: Honza Horak
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks: 1021329
  Show dependency treegraph
 
Reported: 2013-09-03 18:28 EDT by Edgar Hoch
Modified: 2013-11-02 00:54 EDT (History)
1 user (show)

See Also:
Fixed In Version: ypserv-2.31-5.fc19
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1021329 (view as bug list)
Environment:
Last Closed: 2013-11-02 00:54:15 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Edgar Hoch 2013-09-03 18:28:00 EDT
Description of problem:
/var/yp/Makefile contains the following lines:

MINUID=500
MINGID=500

I think that MINUID and MINGID should match the values UID_MIN and GID_MIN in /etc/login.defs to be consistent and to not distribute uids and gids used by the linux system. So the lines above should be changed to

MINUID=1000
MINGID=1000


Version-Release number of selected component (if applicable):
ypserv-2.31-2.fc19.x86_64
shadow-utils-4.1.5.1-5.fc19.x86_64

How reproducible:
Always.

Additional info:
The file /var/yp/Makefile can be modified by administrators, so the change is not important. But I think the provided makefile is used as a template by many administrators, so it should use the correct vaules.
Comment 1 Honza Horak 2013-09-04 07:12:48 EDT
It seems to me like a valid request, but what would happen with upgraded systems that keep using UIDs 501+ and haven't changed /var/yp/Makefile? The Makefile would actually be updated and UIDs lower than 1000 won't be included in maps. This sounds like a big problem to me, so we can't blindly change MINUID and MINGID settings.

What we can do though is reading MINUID and MINGID from /etc/login.defs -- something like this:

--- Makefile	2013-05-10 12:26:09.000000000 +0200
+++ Makefile.new	2013-09-04 12:57:35.674750907 +0200
@@ -37,8 +37,8 @@ YPPUSH_ARGS =
 # the passwd file. If no entry is found, this shadow entry is
 # ignored.
 # MINGID is the lowest gid that will be included in the group maps.
-MINUID=500
-MINGID=500
+MINUID=$(shell TMP=`egrep '^UID_MIN\s+[0-9]+' /etc/login.defs|sed -e 's/^UID_MIN//'` ; [ -n "$$TMP" ] && echo "$$TMP" || echo 1000)
+MINGID=$(shell TMP=`egrep '^GID_MIN\s+[0-9]+' /etc/login.defs|sed -e 's/^GID_MIN//'` ; [ -n "$$TMP" ] && echo "$$TMP" || echo 1000)
 
 # Don't export this uid/guid (nfsnobody).
 # Set to 0 if you want to
Comment 2 Fedora Update System 2013-09-04 08:07:26 EDT
ypserv-2.31-5.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/ypserv-2.31-5.fc20
Comment 3 Edgar Hoch 2013-09-04 08:14:08 EDT
Files in /var/yp/ are declared as noreplace config files in the spec file, so I think update and upgrade (?) should be no problem, because the old Makefile remains unchanged. From the spec file:

%config(noreplace) /var/yp/*
Comment 4 Honza Horak 2013-09-04 08:47:41 EDT
This is not true actually, config(noreplace) files *are* replaced if they weren't touched by user:
http://www-uxsup.csx.cam.ac.uk/~jw35/docs/rpm_config.html

If they were touched, a new *.rpmnew file is created instead.
Comment 5 Edgar Hoch 2013-09-04 10:07:49 EDT
Thanks for the explanation of config(noreplace). I think your solution to search for the default values in /etc/login.defs is a good solution.
Comment 6 Fedora Update System 2013-09-04 12:05:53 EDT
Package ypserv-2.31-5.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing ypserv-2.31-5.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-15735/ypserv-2.31-5.fc20
then log in and leave karma (feedback).
Comment 7 Fedora Update System 2013-09-22 20:46:02 EDT
ypserv-2.31-5.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2013-10-21 02:20:13 EDT
ypserv-2.31-5.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/ypserv-2.31-5.fc19
Comment 9 Fedora Update System 2013-10-22 01:02:59 EDT
Package ypserv-2.31-5.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing ypserv-2.31-5.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-19665/ypserv-2.31-5.fc19
then log in and leave karma (feedback).
Comment 10 Fedora Update System 2013-11-02 00:54:15 EDT
ypserv-2.31-5.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.