Bug 476782 - Create "pkiuser" with a predetermined system "UID" and "GID" . . .
Create "pkiuser" with a predetermined system "UID" and "GID" . . .
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: Infrastructure (Show other bugs)
1.0
All All
high Severity medium
: ---
: ---
Assigned To: Matthew Harmsen
Chandrasekar Kannan
:
Depends On:
Blocks: 443788 503282 503283
  Show dependency treegraph
 
Reported: 2008-12-16 22:20 EST by Matthew Harmsen
Modified: 2015-01-04 18:35 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 503282 503283 (view as bug list)
Environment:
Last Closed: 2009-07-22 19:30:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matthew Harmsen 2008-12-16 22:20:59 EST
Register a "pkiuser" system UID/GID pair at https://fedoraproject.org/wiki/PackageUserRegistry, and apply the logic specified at https://fedoraproject.org/wiki/PackageUserCreation to implement this specified UID/GID pair for the following packages:

    pki-ca,
    pki-kra,
    pki-ocsp,
    pki-ra,
    pki-tks, and
    pki-tps

on Fedora 8, Fedora 9, and Fedora 10.
Comment 4 Matthew Harmsen 2009-05-30 14:20:24 EDT
From Bugzilla Bug #476316, Ondrej Vasik (ovasik@redhat.com)  2008-12-17 03:43:34 EDT wrote:

================================================================================
About Fedora User Registry Page - I'm really not sure, but since there will be
17:17 reserved in RHEL, I guess it would be better to add that uidgid pair to
fedora setup as well - I'm ok with it and probably will do that - as the Fedora
Registry does begin higher than 100 (they start uid/gid's on some specific
(high) number). I'm not sure how the system works there, so I guess adding
17:17 to Rawhide (and possible with next update to F-9 and F-10 as well) will
be easiest way to solve it in Fedora. 

I guess one package which adds that user should be enough... but I don't know
too much about Fedora's Package User Creation process. It would be better to
ask someone more familiar with it. Anyway - if added via uidgid file, that
things will be not needed.
================================================================================


As a consequence of this, I do not plan to make any changes to the top-level PKI spec files for the Dogtag Certificate System.
Comment 10 Jenny Galipeau 2009-06-15 10:28:12 EDT
verified

UID - GID 17 available
[root@jennyv1 yum.repos.d]# more /etc/passwd | grep pkiuser
pkiuser:x:17:17:Red hat Certificate System:/usr/share/pki:/sbin/nologin
[root@jennyv1 yum.repos.d]# more /etc/group | grep pkiuser
pkiuser:x:17:


UID - GID 17 not available
Adding default PKI group "pkiuser" (gid=17) to /etc/group.
groupadd: GID 17 is not unique
Adding default PKI group "pkiuser" (gid=random) to /etc/group.
Adding default PKI user "pkiuser" (uid=17) to /etc/passwd.
useradd: UID 17 is not unique
Adding default PKI user "pkiuser" (uid=random) to /etc/passwd.

pkiuser:x:504:504:Red hat Certificate System:/usr/share/pki:/sbin/nologin
[root@jennyv1 yum.repos.d]# more /etc/passwd | grep pkiuser
pkiuser:x:504:504:Red hat Certificate System:/usr/share/pki:/sbin/nologin
[root@jennyv1 yum.repos.d]# more /etc/group | grep pkiuser
pkiuser:x:504:

Note You need to log in before you can comment on or make changes to this bug.