Bug 2095366 - [RFE] 389-ds-base systemd-sysusers
Summary: [RFE] 389-ds-base systemd-sysusers
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: 389-ds-base
Version: CentOS Stream
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: medium
Target Milestone: rc
Target Release: 9.3
Assignee: Simon Pichugin
QA Contact: LDAP QA Team
URL:
Whiteboard: sync-to-jira
Depends On:
Blocks:
Reported: 2022-06-09 16:32 UTC by Pat Riehecky
Modified: 2023-06-28 14:15 UTC (History)

Fixed In Version: 389-ds-base-2.2.4-4.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker IDMDS-2593 0 None None None 2022-10-26 15:53:27 UTC
Red Hat Issue Tracker IDMDS-2848 0 None None None 2023-03-07 21:07:42 UTC
Red Hat Issue Tracker RHELPLAN-124831 0 None None None 2022-06-09 16:35:08 UTC

Description Pat Riehecky 2022-06-09 16:32:38 UTC
Description of problem:
389-ds-base is using static useradd commands rather than systemd-sysusers

Version-Release number of selected component (if applicable): 389-ds-base-2.1.1-1.el9


How reproducible:
100%

Steps to Reproduce:
1. review %post scripts
2.
3.

Actual results:
/usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME


Expected results:
use of systemd-sysusers

Additional info:
https://www.freedesktop.org/software/systemd/man/systemd-sysusers.html
https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format

Comment 8 Jamie Chapman 2023-05-24 00:05:17 UTC
Verified with the following

uname -a
5.14.0-312.el9.x86_64

cat /etc/redhat-release
Red Hat Enterprise Linux release 9.3 Beta (Plow)

ns-slapd --version
389-Directory/2.3.4 B2023.139.0000

Post Install script
# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
# Soft static allocation for UID and GID
# sysusers.d format https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format

# generated from 389-ds-base.sysusers
getent group 'dirsrv' >/dev/null || groupadd -f -g '389' -r 'dirsrv'
getent group 'dirsrv' >/dev/null || groupadd -f -g '389:389' -r 'dirsrv'
if ! getent passwd 'dirsrv' >/dev/null ; then
    if ! getent passwd '389:389' >/dev/null ; then
        useradd -r -u '389:389' -g 'dirsrv' -d '/usr/share/dirsrv/' -s /sbin/nologin -c 'user for 389-ds-base' 'dirsrv'
    else
        useradd -r -g 'dirsrv' -d '/usr/share/dirsrv/' -s /sbin/nologin -c 'user for 389-ds-base' 'dirsrv'
    fi
fi

Comment 9 Jan Pazdziora 2023-06-28 13:09:56 UTC
This change causes regression bug 2218209. The command

  useradd -r -u '389:389' -g 'dirsrv' -d '/usr/share/dirsrv/' -s /sbin/nologin -c 'user for 389-ds-base' 'dirsrv'

shown in comment 8 results in

  useradd: invalid user ID '389:389'
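
The scriptlet in comment 8 passes '389:389' unsplit to `groupadd -g`, `getent passwd` and `useradd -u`, which expect a single numeric ID. The dry-run sketch below is an added example, not the RPM macro or any code from this bug; it assumes the sysusers.d `u` entry carries an ID field of the form `UID` or `UID:GID`, and the function names `is_numeric`, `split_id` and `emit_cmds` are hypothetical. It only prints commands and never runs them.

```shell
#!/bin/sh
# Added example (dry run): turn the fields of one sysusers.d "u" entry into
# scriptlet lines, splitting a "UID:GID" ID field before it reaches useradd.

# is_numeric VALUE -> success only for a non-empty string of digits
is_numeric() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# split_id ID_FIELD -> prints "UID GID"; a bare "389" uses the same number for both.
# Other sysusers.d forms (UID:groupname, "-", a path) are rejected in this sketch.
split_id() {
    case "$1" in
        *:*) uid=${1%%:*}; gid=${1#*:} ;;
        *)   uid=$1; gid=$1 ;;
    esac
    if ! is_numeric "$uid" || ! is_numeric "$gid"; then
        echo "unsupported ID field: $1" >&2
        return 1
    fi
    echo "$uid $gid"
}

# emit_cmds NAME ID_FIELD GECOS HOME SHELL -> prints the scriptlet lines
emit_cmds() {
    for f in "$1" "$3" "$4" "$5"; do   # values end up inside '...' in a root scriptlet
        case "$f" in *\'*) echo "single quote in field: $f" >&2; return 1 ;; esac
    done
    ids=$(split_id "$2") || return 1
    uid=${ids% *}; gid=${ids#* }
    cat <<EOF
getent group '$1' >/dev/null || groupadd -f -g '$gid' -r '$1'
if ! getent passwd '$1' >/dev/null; then
    if ! getent passwd '$uid' >/dev/null; then
        useradd -r -u '$uid' -g '$1' -d '$4' -s '$5' -c '$3' '$1'
    else
        useradd -r -g '$1' -d '$4' -s '$5' -c '$3' '$1'
    fi
fi
EOF
}

# Constructed sample fields, modelled on the values visible in comment 8
emit_cmds dirsrv 389:389 'user for 389-ds-base' /usr/share/dirsrv/ /sbin/nologin
```

The inner `getent passwd` check keeps the soft static allocation from comment 8: the fixed UID is requested only when it is still free.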

Comment 10 Jan Pazdziora 2023-06-28 14:15:27 UTC
I assume that the reason you likely saw the /etc/passwd entry being created in your testing on host are the file triggers that currently do not work for systemd-sysusers -- bug 2218242.

