Red Hat Bugzilla – Bug 1265099
RFE: Use soft static uid/gid in sssd-common scriptlet
Last modified: 2017-09-27 23:26:54 EDT
Description of problem:
For Atomic deployments, we'd need soft static uid/gid for sssd user to be able to install and configure sssd on the host and then move the execution to container, and vice versa. Because the data and config directories and files are created by rpm during package installation, we want the uid on the host and in the containers to match because processes running in container will need to manipulate the data on host's filesystem, and create new files as well. The order in which the packages are installed on host and container can lead to different uids to be used when we (currently) don't specify one.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. On RHEL 7 host, run yum install -y sssd-common.
2. Build a container from Dockerfile
RUN yum install -y sssd-common
3. Check the sssd uid on host and in the container.
Chances are, the uids differ. If they don't install chronyd and unbound on the host as well before installing sssd-common.
The same uid on host and in containers that can be counted on.
I've filed request for the uid allocation at https://fedorahosted.org/fpc/ticket/570.
For the record, the guidelines for allocating uids/gids and creating the system users are at https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
This request needs to be implemented in Fedora first.
This change still needs to happen in Fedora first.
This bug still makes sense, but I don't think it is realistic to implement this change in RHEL-7. At the moment (for the purposes of planning of RHEL-7.5), I'm adding a conditional nack/upstream.
I think implementing this RFE in Fedora and therefore eventually in RHEL-8 is more realistic.