Bug 2218209 - useradd: invalid user ID '389:389': installing 389-ds-base in container fails to create the dirsrv user
Summary: useradd: invalid user ID '389:389': installing 389-ds-base in container fails...
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: 389-ds-base
Version: CentOS Stream
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: 9.3
Assignee: LDAP Maintainers
QA Contact: LDAP QA Team
URL:
Whiteboard: sync-to-jira
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-06-28 13:05 UTC by Jan Pazdziora
Modified: 2023-08-17 08:30 UTC (History)
7 users (show)

Fixed In Version: 389-ds-base-2.3.6-2.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker IDMDS-3263 0 None None None 2023-06-28 15:24:07 UTC
Red Hat Issue Tracker IDMDS-3562 0 None None None 2023-08-14 08:23:07 UTC
Red Hat Issue Tracker RHELPLAN-161078 0 None None None 2023-06-28 13:08:05 UTC

Description Jan Pazdziora 2023-06-28 13:05:43 UTC 
Description of problem:

When installing 389-ds-base package in container, the dirsrv with uid 389 no longer gets created.

Version-Release number of selected component (if applicable):

389-ds-base-2.3.4-2.el9.x86_64

How reproducible:

Deterministic.

Steps to Reproduce:
1. $ podman run --rm quay.io/centos/centos:stream9 bash -c 'dnf install -y 389-ds-base && grep dirsrv /etc/passwd'

Actual results:

$ podman run --rm quay.io/centos/centos:stream9 bash -c 'dnf install -y 389-ds-base && grep dirsrv /etc/passwd'
CentOS Stream 9 - BaseOS                        7.0 MB/s | 6.2 MB     00:00    
CentOS Stream 9 - AppStream                      13 MB/s |  17 MB     00:01    
CentOS Stream 9 - Extras packages               115 kB/s |  12 kB     00:00    
Dependencies resolved.
================================================================================
 Package                        Arch     Version              Repository   Size
================================================================================
Installing:
 389-ds-base                    x86_64   2.3.4-2.el9          appstream   2.9 M
Installing dependencies:
 389-ds-base-libs               x86_64   2.3.4-2.el9          appstream   1.5 M
 acl                            x86_64   2.3.1-3.el9          baseos       73 k

[...]

  Installing       : cyrus-sasl-gssapi-2.1.27-21.el9.x86_64             148/151 
  Installing       : python3-lib389-2.3.4-2.el9.noarch                  149/151 
  Installing       : 389-ds-base-2.3.4-2.el9.x86_64                     150/151 
  Running scriptlet: 389-ds-base-2.3.4-2.el9.x86_64                     150/151 
useradd: invalid user ID '389:389'

  Installing       : rpm-plugin-selinux-4.16.1.3-23.el9.x86_64          151/151 
  Running scriptlet: nss-3.79.0-18.el9.x86_64                           151/151 
  Running scriptlet: selinux-policy-targeted-38.1.15-1.el9.noarch       151/151 

[...]

  util-linux-2.37.4-11.el9.x86_64                                               
  util-linux-core-2.37.4-11.el9.x86_64                                          

Complete!
$

Expected results:

[...]

  systemd-rpm-macros-252-15.el9.noarch                                          
  util-linux-2.37.4-11.el9.x86_64                                               
  util-linux-core-2.37.4-11.el9.x86_64                                          

Complete!
dirsrv:x:389:389:user for 389-ds-base:/usr/share/dirsrv/:/sbin/nologin
$

Additional info:
Comment 1 Jan Pazdziora 2023-06-28 14:20:55 UTC 
The %sysusers_create_compat in https://gitlab.com/redhat/centos-stream/rpms/389-ds-base/-/blob/c9s/389-ds-base.spec expands using /usr/lib/rpm/sysusers.generate-pre.sh from systemd-rpm-macros-252-15.el9.noarch. That code is different from the respective one in Fedora and does not understand the

  u     dirsrv   389:389

entry.
Comment 2 Jan Pazdziora 2023-06-29 07:42:16 UTC 
Note bug 2217149 which talks about sysusers.generate-pre.sh. It might make sense with the systemd maintainers about the correct approach / timing.
Comment 3 Viktor Ashirov 2023-08-03 14:12:45 UTC 
This is fixed in systemd-252-16.el9, but we need to rebuild 389-ds-base against the new systemd package to generate new script snippet.
Moving to POST to be picked up by the next build.
Comment 4 Viktor Ashirov 2023-08-14 15:52:27 UTC 
$ podman run --rm quay.io/centos/centos:stream9 bash -c 'dnf install -y 389-ds-base && grep dirsrv /etc/passwd'

...

Installed:
  389-ds-base-2.3.4-3.el9.x86_64
  389-ds-base-libs-2.3.4-3.el9.x86_64
...
  systemd-252-16.el9.x86_64
  systemd-libs-252-16.el9.x86_64
  systemd-pam-252-16.el9.x86_64
  systemd-rpm-macros-252-16.el9.noarch
...

Complete!
dirsrv:x:389:389:user for 389-ds-base:/usr/share/dirsrv/:/sbin/nologin


Marking as Verified:Tested.
Comment 7 bsmejkal 2023-08-17 08:30:07 UTC 
As per comment #c5 marking as VERIFIED.
Note You need to log in before you can comment on or make changes to this bug.