Bug 1565929 - [RFE] [RHOS 12] - Change UID & GID of OpenStack service users according Compliance
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director
Version: 12.0 (Pike)
Hardware: x86_64
OS: Linux
medium
high
Assignee: Angus Thomas
Blocks: 1722436
Reported: 2018-04-11 05:08 UTC by Pradipta Kumar Sahoo
Modified: 2021-06-10 15:45 UTC (History)

: 1722436 (view as bug list)
Last Closed: 2020-11-20 16:39:43 UTC




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Knowledge Base (Solution) | 4456701 | 0 | None | None | None | 2019-11-25 16:29:27 UTC

Description Pradipta Kumar Sahoo 2018-04-11 05:08:43 UTC
Description of problem:
According to compliance, one of our customers wanted to change the UID and GID of OpenStack service users in a director-based deployment.

As per my understanding, if we manually modify the UID & GID, the problem can come when Director installs new RPMs during upgrade/update of OpenStack services. Then you have a collision and packages fail to deploy.
So usually we don't recommend modifying the UID/GID of any OpenStack service user.

Do we have a documented list of UIDs/GIDs that should not be changed for OpenStack? Would it be possible to document it in our official security-hardening guide?

Also, we need to understand: if the customer changes other UIDs/GIDs (and has some issues when upgrading/installing RPMs), is the OpenStack instance still supported?


Version-Release number of selected component (if applicable):
Red Hat OpenStack 12



Actual results:
A list of the UIDs and GIDs which the customer should not change is not available in our security_and_hardening_guide.
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/security_and_hardening_guide/

Comment 2 Ollie Walsh 2018-04-11 13:25:43 UTC
RHEL/CentOS/Fedora list the static uid & gids in /usr/share/doc/setup-<version>/uidgid. Possibly /usr/share/doc/setup/uidgid on newer releases.
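
An added example, not part of the original comment or of any Red Hat tooling: a check that compares local accounts against a static allocation list and flags both renumbered service accounts and reserved IDs already held by another account, which is the collision the description refers to. The column layout (NAME UID GID HOME SHELL PACKAGES, whitespace-separated, "-" for no allocation) is an assumption about the uidgid file, and every name and number in the sample data is constructed.

```python
# Constructed sample in the assumed layout of the setup package's uidgid file:
# NAME UID GID HOME SHELL PACKAGES, with "-" where no ID is allocated.
SAMPLE_UIDGID = """\
NAME     UID  GID  HOME             SHELL          PACKAGES
svcone   901  901  /var/lib/svcone  /sbin/nologin  svcone-common
svctwo   902  902  /var/lib/svctwo  /sbin/nologin  svctwo-common
grponly  -    903  -                -              grponly-common
"""
# Constructed passwd/group excerpts: svctwo was renumbered, backup01 took 902.
SAMPLE_PASSWD = """\
svcone:x:901:901::/var/lib/svcone:/sbin/nologin
svctwo:x:5002:5002::/var/lib/svctwo:/sbin/nologin
backup01:x:902:5003::/home/backup01:/bin/bash
"""
SAMPLE_GROUP = "svcone:x:901:\nsvctwo:x:5002:\ngrponly:x:903:\nbackup01:x:5003:\n"

def parse_uidgid(text):
    """Return {name: (uid or None, gid or None)} from uidgid-style text."""
    alloc = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith("#") or fields[0] == "NAME":
            continue  # skip blanks, comments and the header row
        alloc[fields[0]] = tuple(int(f) if f.isdecimal() else None for f in fields[1:3])
    return alloc

def parse_colon_db(text):
    """Return {name: numeric ID} from passwd(5) or group(5) text (third field)."""
    out = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) > 2 and parts[2].isdecimal():
            out[parts[0]] = int(parts[2])
    return out

def find_conflicts(uidgid_text, passwd_text, group_text):
    """List (name, kind, static_id, problem) for renumbered or occupied static IDs."""
    local = {"uid": parse_colon_db(passwd_text), "gid": parse_colon_db(group_text)}
    findings = []
    for name, ids in sorted(parse_uidgid(uidgid_text).items()):
        for kind, static_id in zip(("uid", "gid"), ids):
            if static_id is None:
                continue  # the list allocates no ID of this kind for the name
            actual = local[kind].get(name)
            if actual is not None and actual != static_id:
                findings.append((name, kind, static_id, f"renumbered to {actual}"))
            holders = sorted(n for n, i in local[kind].items() if i == static_id and n != name)
            if holders:
                findings.append((name, kind, static_id, "held by " + ",".join(holders)))
    return findings

if __name__ == "__main__":
    for finding in find_conflicts(SAMPLE_UIDGID, SAMPLE_PASSWD, SAMPLE_GROUP):
        print(*finding)
```

On a real host, pass the contents of the uidgid file, /etc/passwd and /etc/group instead of the sample strings.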

Comment 12 Kevin Carter 2020-11-20 16:39:43 UTC
With the implementation of our fully containerized solution, the UID and GID of the services are defined by the container build; while configurable in the new paradigm, this is not something we recommend changing. Because the original ask is no longer relevant due to containerization, we're closing this RFE. If there's an additional ask targeting our current releases, please open a new RFE containing the new ask.

