Bug 1265099 - RFE: Use soft static uid/gid in sssd-common scriptlet
RFE: Use soft static uid/gid in sssd-common scriptlet
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd (Show other bugs)
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: Jakub Hrozek
Namita Soman
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2015-09-22 02:30 EDT by Jan Pazdziora
Modified: 2017-09-27 23:26 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Pazdziora 2015-09-22 02:30:40 EDT
Description of problem:

For Atomic deployments, we'd need soft static uid/gid for sssd user to be able to install and configure sssd on the host and then move the execution to container, and vice versa. Because the data and config directories and files are created by rpm during package installation, we want the uid on the host and in the containers to match because processes running in container will need to manipulate the data on host's filesystem, and create new files as well. The order in which the packages are installed on host and container can lead to different uids to be used when we (currently) don't specify one.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. On RHEL 7 host, run yum install -y sssd-common.
2. Build a container from Dockerfile

    FROM rhel7
    RUN yum install -y sssd-common

3. Check the sssd uid on host and in the container.

Actual results:

Chances are, the uids differ. If they don't install chronyd and unbound on the host as well before installing sssd-common.

Expected results:

The same uid on host and in containers that can be counted on.

Additional info:

I've filed request for the uid allocation at https://fedorahosted.org/fpc/ticket/570.

For the record, the guidelines for allocating uids/gids and creating the system users are at https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
Comment 1 Jakub Hrozek 2016-01-11 10:42:43 EST
This request needs to be implemented in Fedora first.
Comment 2 Jakub Hrozek 2016-06-27 04:46:23 EDT
This change still needs to happen in Fedora first.
Comment 3 Jakub Hrozek 2017-08-08 06:22:17 EDT
This bug still makes sense, but I don't think it is realistic to implement this change in RHEL-7. At the moment (for the purposes of planning of RHEL-7.5), I'm adding a conditional nack/upstream.

I think implementing this RFE in Fedora and therefore eventually in RHEL-8 is more realistic.

Note You need to log in before you can comment on or make changes to this bug.