1102002 – new static uids/gids for systemd services

Bug 1102002 - new static uids/gids for systemd services

Summary: new static uids/gids for systemd services

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	setup
Sub Component:
Version:	22
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Ondrej Vasik
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-05-28 10:32 UTC by Kay Sievers
Modified:	2015-03-06 07:00 UTC (History)
CC List:	6 users (show)
Fixed In Version:	setup-2.9.0-4.fc21
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-03-06 07:00:48 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Kay Sievers 2014-05-28 10:32:43 UTC

Please add new static uid/gid pairs for systemd services:
  systemd-timesync
  systemd-network

Thanks!

Comment 1 Ondrej Vasik 2014-05-28 11:48:05 UTC

I no longer can assign uid/gid pairs myself, FPC approval is required here (see https://fedoraproject.org/wiki/Packaging:UsersAndGroups and Soft Static Allocation). Please include the link to the FPC ticket, once is created - so I can track the decision and assign the IDs if approved by FPC.

Comment 2 Ondrej Vasik 2014-06-19 21:21:44 UTC

Any update? Have you asked for FPC approval?

Comment 3 Ondrej Vasik 2014-10-03 12:35:58 UTC

Ping? I will close this request if there is no FPC ticket activity.

Comment 4 Ondrej Vasik 2014-10-30 06:03:08 UTC

Adding several more systemd guys before closing this bugzilla.

Comment 5 Zbigniew Jędrzejewski-Szmek 2014-10-30 12:43:59 UTC

The motivation is to be able to start those daemons in the initramfs. For security reasons it is important to run them as non-root. They create some state files, so uid used in the initramfs has to be the same as the one used on real root.

Please don't close this yet, one of us will file the FPC ticket.

Comment 6 Ondrej Vasik 2014-12-15 12:23:51 UTC

Any change here? Is the FPC ticket already filed?

Comment 7 Zbigniew Jędrzejewski-Szmek 2014-12-15 14:42:21 UTC

Now it's filed: https://fedorahosted.org/fpc/ticket/481. Sorry for the delay.

Comment 8 Ondrej Vasik 2015-01-30 11:31:04 UTC

Done in Rawhide - setup-2.9.5-1.fc22:
* Fri Jan 30 2015 Ondrej Vasik <ovasik> - 2.9.5-1
- assign uidgid for systemd-network(192:192) - FPC 481,bz#1102002
- assign uidgid for systemd-resolve(193:193) - FPC 481,bz#1102002

Not assigning the systemd-timesync as it got +3/-3 votes.
Once it is clear there is no longer expected approval of systemd-timesync, I can run F20/F21 updates.

Comment 9 Fedora Update System 2015-02-23 15:16:45 UTC

setup-2.9.0-4.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/setup-2.9.0-4.fc21

Comment 10 Fedora Update System 2015-02-25 13:27:08 UTC

Package setup-2.9.0-4.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing setup-2.9.0-4.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-2502/setup-2.9.0-4.fc21
then log in and leave karma (feedback).

Comment 11 Jaroslav Reznik 2015-03-03 17:18:34 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Comment 12 Fedora Update System 2015-03-06 07:00:48 UTC

setup-2.9.0-4.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.