Bug 1117300 - ipa user-add cannot assign UID/GID 999
Summary: ipa user-add cannot assign UID/GID 999
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.7
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Martin Kosek
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2014-07-08 13:09 UTC by Imed Chihi
Modified: 2018-12-06 17:14 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-07-28 10:43:51 UTC
Target Upstream Version:
Embargoed:



Description Imed Chihi 2014-07-08 13:09:53 UTC
Description of problem:
The "ipa user-add" cannot create users with UID=999 or GID=999.  When this 999 value is passed on the command line, it seems to be ignored and the ipa tool assigns an automatically generated value instead of 999.

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux 6

How reproducible:
Always

Steps to Reproduce:
1. run: 
# ipa user-add someuser --uid=999 --first=Some --last=User

Actual results:
Command output is:
(..)
UID: 1453600009
(..)

Expected results:
Command output is:
(..)
UID: 999
(..)

Additional info:
The Identity Management version shipped with Red Hat Enterprise Linux 6 has DNA_MAGIC set to 999 in /usr/lib/python2.6/site-packages/ipalib/plugins/user.py.  This makes 999 unallocatable for UIDs and GIDs.
This is a suggestion to implement the same as RHEL 7 in BZ#837364.
Upstream fix changed the DNA_MAGIC to -1:  http://www.redhat.com/archives/freeipa-devel/2013-February/msg00362.html

Comment 2 Petr Viktorin (pviktori) 2014-07-09 08:19:44 UTC
This would require the client to send some kind of extended version number/capability list to indicate that a "999" actually means "999". Also, the server would need to understand this extended information.
Something like this is being considered upstream, in https://fedorahosted.org/freeipa/ticket/4427.
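
A simplified model of the sentinel collision reported in this bug and of the version-aware handling Comment 2 refers to. This is an added example, not FreeIPA code and not part of the thread; the function names, the API version cutoff (2, 0) and the auto-assign counter are assumptions for illustration.

```python
# Added example: a toy model, not FreeIPA source. Only DNA_MAGIC = 999 (RHEL 6)
# and -1 (upstream) come from the bug report; every other name is hypothetical.
import itertools

LEGACY_DNA_MAGIC = 999       # RHEL 6: in-band value meaning "auto-assign an ID"
NEW_DNA_MAGIC = -1           # upstream: sentinel outside the valid UID range
CAP_LITERAL_999 = (2, 0)     # hypothetical API version where 999 is a real UID

# Constructed auto-assign range, starting at the UID shown in the report.
_auto_ids = itertools.count(1453600009)


def legacy_assign(requested_uid=None):
    """RHEL 6 behaviour: an omitted UID defaults to 999, so a caller who
    explicitly asks for 999 cannot be told apart from one who asked for none."""
    uid = LEGACY_DNA_MAGIC if requested_uid is None else requested_uid
    if uid == LEGACY_DNA_MAGIC:
        return next(_auto_ids)
    return uid


def versioned_assign(requested_uid, client_api_version):
    """Server that picks the sentinel from the version the client declares.
    Old clients still send 999 for "auto"; new clients send -1."""
    if client_api_version >= CAP_LITERAL_999:
        magic = NEW_DNA_MAGIC
    else:
        magic = LEGACY_DNA_MAGIC
    if requested_uid is None or requested_uid == magic:
        return next(_auto_ids)
    if requested_uid < 0:
        raise ValueError("UID must be non-negative")
    return requested_uid


if __name__ == "__main__":
    print("legacy, --uid=999      ->", legacy_assign(999))
    print("new client, --uid=999  ->", versioned_assign(999, (2, 0)))
    print("old client, --uid=999  ->", versioned_assign(999, (1, 0)))
    print("new client, no --uid   ->", versioned_assign(None, (2, 0)))
```
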

Comment 3 Martin Kosek 2014-07-28 10:43:51 UTC
Sorry for the delay. Petr is right, this change would require significant changes to the FreeIPA server both on RHEL-6.x and on RHEL-7. Given the complexity of the fix in RHEL-6.x, the low severity of the issue, and given that it is already fixed in RHEL-7.0, I will close this request as WONTFIX.

To work around this, the customer can use ldapmodify to change the UID to 999 or, alternatively, install a RHEL-7.0 replica where the user with UID 999 can be added and will also be replicated to RHEL-6.x servers.

If this information is not sufficient for you or for the customer, please reopen with proper business justification.

Comment 6 Imed Chihi 2014-08-24 11:25:24 UTC
Solution published here https://access.redhat.com/solutions/1144973.  Feel free to edit or suggest fixes/improvements.

Comment 7 Martin Kosek 2014-08-25 10:03:28 UTC
It looks OK, thanks! I am wondering whether the Diagnostics part may be more difficult than it needs to be; "cat" on that file will print a lot of info that the user will need to search through.

Maybe offering just

# grep "DNA_MAGIC = " /usr/lib/python2.6/site-packages/ipalib/plugins/user.py
DNA_MAGIC = 999

Would be easier. But this is just a minor improvement suggestion, nothing foundational.

