Bug 2095424 - [RFE] httpd use systemd-sysusers
Summary: [RFE] httpd use systemd-sysusers
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: httpd
Version: CentOS Stream
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Luboš Uhliarik
QA Contact: rhel-cs-infra-services-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-06-09 17:25 UTC by Pat Riehecky
Modified: 2023-07-11 09:21 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-124861 0 None None None 2022-06-09 17:34:56 UTC

Description Pat Riehecky 2022-06-09 17:25:02 UTC 
Description of problem:
httpd is using static useradd scripts

Version-Release number of selected component (if applicable):
httpd-2.4.53-2.el9

How reproducible:
100%

Steps to Reproduce:
1.review %pre
2.
3.

Actual results:
%pre filesystem
getent group apache >/dev/null || groupadd -g 48 -r apache
getent passwd apache >/dev/null || \
  useradd -r -u 48 -g apache -s /sbin/nologin \
    -d %{contentdir} -c "Apache" apache
exit 0

Expected results:
use of system-sysusers 

Additional info:
https://www.freedesktop.org/software/systemd/man/systemd-sysusers.html
https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
Comment 2 Luboš Uhliarik 2022-11-15 20:41:07 UTC 
Hi Pat,

Do you have any more knowledge regarding this request?

I was trying to adopt this new format with new macros, but then I found out that it is not so 
easy (or at least I don't know how) to change the content in sysusers.d file before it is 
processed by the RPM macro processor.

It would be nice, if I can in %prep section modify the sysuser file by e.g. sed, but so far 
it looks like that the macro in %pre section (%sysusers_create_compat httpd.sysusers) is expanded 
before %prep.

There is a possibility to hardcode e.g. %{nginx_user} into sysusers.d file or %{contentdir} in case 
of httpd apache, but if you change this variable in the spec file, it won't properly change in 
sysusers.d file.
Comment 3 Pat Riehecky 2022-11-15 20:48:01 UTC 
I'll confess I don't have specific detailed knowledge on this front.  I'm mostly going off the fedora guidelines and looking for places to help homoginize the behaviors.
Comment 4 Jonathan Wright 2023-07-05 21:39:00 UTC 
@luhliari https://gitlab.com/redhat/centos-stream/rpms/httpd/-/merge_requests/75
Comment 5 Luboš Uhliarik 2023-07-11 09:21:23 UTC 
(In reply to Jonathan Wright from comment #4)
> @luhliari
> https://gitlab.com/redhat/centos-stream/rpms/httpd/-/merge_requests/75

Hello Jonathan, I have similar change ready locally, but from what I know there is no option to use vars/params in systemd-sysusers file. I wanted to have in sysusers file something like:

---
g apache 48
u apache 48 "Apache" @CONTENTDIR@ /sbin/nologin
---


Because content dir can vary based on contentdir macro value definition on the top of the httpd.spec file:

define contentdir %{_datadir}/httpd


So far I could not find any way how to process that file before it is processed by %sysusers_create_compat macro.
Note You need to log in before you can comment on or make changes to this bug.