Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1565929

Summary: [RFE] [RHOS 12] - Change UID & GID of OpenStack service users according Compliance
Product: Red Hat OpenStack Reporter: Pradipta Kumar Sahoo <psahoo>
Component: rhosp-directorAssignee: Angus Thomas <athomas>
Status: CLOSED WONTFIX QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 12.0 (Pike)CC: aguetta, akaiser, akaris, apevec, aschultz, athomas, bdobreli, dbecker, dwojewod, kecarter, mburns, morazi, owalsh, psahoo
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1722436 (view as bug list) Environment:
Last Closed: 2020-11-20 16:39:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1722436    

Description Pradipta Kumar Sahoo 2018-04-11 05:08:43 UTC 
Description of problem:
According to compliance, one of our customer wanted to change the UID and GID of OpenStack service users in director based deployment.

As per my understanding If we manually modify the UID & GID, the problem can come when Director installs new RPMS during upgrade/update of OpenStack services. Then you have a collision and packages fail to deploy.
So usually we don't recommend to modify the UID/GID of nay OpenStack service user.

Do we have any documented a list with UIDs / GIDs that should not be changed for OpenStack? WOuld it possible to document it in our official security-hardening guide.

Also, need to understand if customer change other UID/GID (and have some issues, when upgrading/installing RPMs) is the OpenStack instance still supported? 


Version-Release number of selected component (if applicable):
Red Hat OpenStack 12



Actual results:
List of UID and GID information not available in our security_and_hardening_guide which customer should not change.
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/security_and_hardening_guide/
Comment 2 Ollie Walsh 2018-04-11 13:25:43 UTC 
RHEL/CentOS/Fedora list the static uid & gids in /usr/share/doc/setup-<version>/uidgid. Possibly /usr/share/doc/setup/uidgid on newer releases.
Comment 12 Kevin Carter 2020-11-20 16:39:43 UTC 
With the implementation of our fully containerized solution the UID and GID of the services is defined by the container build; while configurable in the new paradigm, this is not something we recommend changing. Because the original ask is no longer relevant due containerization, we're closing this RFE. If there's an additional ask targeting our current releases, please open a new RFE containing the new ask.