Description of problem: 389-ds-base is using static useradd commands rather than systemd-sysusers Version-Release number of selected component (if applicable):389-ds-base-2.1.1-1.el9 How reproducible: 100% Steps to Reproduce: 1. review %post scripts 2. 3. Actual results: /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME Expected results: use of system-sysusers Additional info: https://www.freedesktop.org/software/systemd/man/systemd-sysusers.html https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
Verified with the following uname -a 5.14.0-312.el9.x86_64 cat /etc/redhat-release Red Hat Enterprise Linux release 9.3 Beta (Plow) ns-slapd --version 389-Directory/2.3.4 B2023.139.0000 Post Install script # https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation # Soft static allocation for UID and GID # sysusers.d format https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format # generated from 389-ds-base.sysusers getent group 'dirsrv' >/dev/null || groupadd -f -g '389' -r 'dirsrv' getent group 'dirsrv' >/dev/null || groupadd -f -g '389:389' -r 'dirsrv' if ! getent passwd 'dirsrv' >/dev/null ; then if ! getent passwd '389:389' >/dev/null ; then useradd -r -u '389:389' -g 'dirsrv' -d '/usr/share/dirsrv/' -s /sbin/nologin -c 'user for 389-ds-base' 'dirsrv' else useradd -r -g 'dirsrv' -d '/usr/share/dirsrv/' -s /sbin/nologin -c 'user for 389-ds-base' 'dirsrv' fi fi
This change causes regression bug 2218209. The command useradd -r -u '389:389' -g 'dirsrv' -d '/usr/share/dirsrv/' -s /sbin/nologin -c 'user for 389-ds-base' 'dirsrv' shown in comment 8 results in useradd: invalid user ID '389:389'
I assume that the reason you likely saw the /etc/passwd entry being created in your testing on host are the file triggers that currently do not work for systemd-sysusers -- bug 2218242.