Description of problem:
According to compliance, one of our customer wanted to change the UID and GID of OpenStack service users in director based deployment.
As per my understanding If we manually modify the UID & GID, the problem can come when Director installs new RPMS during upgrade/update of OpenStack services. Then you have a collision and packages fail to deploy.
So usually we don't recommend to modify the UID/GID of nay OpenStack service user.
Do we have any documented a list with UIDs / GIDs that should not be changed for OpenStack? WOuld it possible to document it in our official security-hardening guide.
Also, need to understand if customer change other UID/GID (and have some issues, when upgrading/installing RPMs) is the OpenStack instance still supported?
Version-Release number of selected component (if applicable):
Red Hat OpenStack 12
List of UID and GID information not available in our security_and_hardening_guide which customer should not change.
RHEL/CentOS/Fedora list the static uid & gids in /usr/share/doc/setup-<version>/uidgid. Possibly /usr/share/doc/setup/uidgid on newer releases.
With the implementation of our fully containerized solution the UID and GID of the services is defined by the container build; while configurable in the new paradigm, this is not something we recommend changing. Because the original ask is no longer relevant due containerization, we're closing this RFE. If there's an additional ask targeting our current releases, please open a new RFE containing the new ask.