Register a "pkiuser" system UID/GID pair at https://fedoraproject.org/wiki/PackageUserRegistry, and apply the logic specified at https://fedoraproject.org/wiki/PackageUserCreation to implement this specified UID/GID pair for the following packages: pki-ca, pki-kra, pki-ocsp, pki-ra, pki-tks, and pki-tps on Fedora 8, Fedora 9, and Fedora 10.
From Bugzilla Bug #476316, Ondrej Vasik (ovasik) 2008-12-17 03:43:34 EDT wrote: ================================================================================ About Fedora User Registry Page - I'm really not sure, but since there will be 17:17 reserved in RHEL, I guess it would be better to add that uidgid pair to fedora setup as well - I'm ok with it and probably will do that - as the Fedora Registry does begin higher than 100 (they start uid/gid's on some specific (high) number). I'm not sure how the system works there, so I guess adding 17:17 to Rawhide (and possible with next update to F-9 and F-10 as well) will be easiest way to solve it in Fedora. I guess one package which adds that user should be enough... but I don't know too much about Fedora's Package User Creation process. It would be better to ask someone more familiar with it. Anyway - if added via uidgid file, that things will be not needed. ================================================================================ As a consequence of this, I do not plan to make any changes to the top-level PKI spec files for the Dogtag Certificate System.
verified UID - GID 17 available [root@jennyv1 yum.repos.d]# more /etc/passwd | grep pkiuser pkiuser:x:17:17:Red hat Certificate System:/usr/share/pki:/sbin/nologin [root@jennyv1 yum.repos.d]# more /etc/group | grep pkiuser pkiuser:x:17: UID - GID 17 not available Adding default PKI group "pkiuser" (gid=17) to /etc/group. groupadd: GID 17 is not unique Adding default PKI group "pkiuser" (gid=random) to /etc/group. Adding default PKI user "pkiuser" (uid=17) to /etc/passwd. useradd: UID 17 is not unique Adding default PKI user "pkiuser" (uid=random) to /etc/passwd. pkiuser:x:504:504:Red hat Certificate System:/usr/share/pki:/sbin/nologin [root@jennyv1 yum.repos.d]# more /etc/passwd | grep pkiuser pkiuser:x:504:504:Red hat Certificate System:/usr/share/pki:/sbin/nologin [root@jennyv1 yum.repos.d]# more /etc/group | grep pkiuser pkiuser:x:504: