Bug 476782 - Create "pkiuser" with a predetermined system "UID" and "GID" . . .
Summary: Create "pkiuser" with a predetermined system "UID" and "GID" . . .
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: Infrastructure
Version: 1.0
Hardware: All
OS: All
Priority: high
Severity: medium
Target Milestone: ---
Assignee: Matthew Harmsen
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 443788 503282 503283
Reported: 2008-12-17 03:20 UTC by Matthew Harmsen
Modified: 2015-01-04 23:35 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Clones: 503282 503283
Environment:
Last Closed: 2009-07-22 23:30:51 UTC
Embargoed:



Description Matthew Harmsen 2008-12-17 03:20:59 UTC
Register a "pkiuser" system UID/GID pair at https://fedoraproject.org/wiki/PackageUserRegistry, and apply the logic specified at https://fedoraproject.org/wiki/PackageUserCreation to implement this specified UID/GID pair for the following packages:

    pki-ca,
    pki-kra,
    pki-ocsp,
    pki-ra,
    pki-tks, and
    pki-tps

on Fedora 8, Fedora 9, and Fedora 10.

Comment 4 Matthew Harmsen 2009-05-30 18:20:24 UTC
From Bugzilla Bug #476316, Ondrej Vasik (ovasik)  2008-12-17 03:43:34 EDT wrote:

================================================================================
About Fedora User Registry Page - I'm really not sure, but since there will be
17:17 reserved in RHEL, I guess it would be better to add that uidgid pair to
fedora setup as well - I'm ok with it and probably will do that - as the Fedora
Registry does begin higher than 100 (they start uid/gid's on some specific
(high) number). I'm not sure how the system works there, so I guess adding
17:17 to Rawhide (and possibly with the next update to F-9 and F-10 as well) will
be the easiest way to solve it in Fedora.

I guess one package which adds that user should be enough... but I don't know
too much about Fedora's Package User Creation process. It would be better to
ask someone more familiar with it. Anyway - if added via uidgid file, those
things will not be needed.
================================================================================


As a consequence of this, I do not plan to make any changes to the top-level PKI spec files for the Dogtag Certificate System.

Comment 10 Jenny Severance 2009-06-15 14:28:12 UTC
verified

UID - GID 17 available
[root@jennyv1 yum.repos.d]# more /etc/passwd | grep pkiuser
pkiuser:x:17:17:Red hat Certificate System:/usr/share/pki:/sbin/nologin
[root@jennyv1 yum.repos.d]# more /etc/group | grep pkiuser
pkiuser:x:17:


UID - GID 17 not available
Adding default PKI group "pkiuser" (gid=17) to /etc/group.
groupadd: GID 17 is not unique
Adding default PKI group "pkiuser" (gid=random) to /etc/group.
Adding default PKI user "pkiuser" (uid=17) to /etc/passwd.
useradd: UID 17 is not unique
Adding default PKI user "pkiuser" (uid=random) to /etc/passwd.

pkiuser:x:504:504:Red hat Certificate System:/usr/share/pki:/sbin/nologin
[root@jennyv1 yum.repos.d]# more /etc/passwd | grep pkiuser
pkiuser:x:504:504:Red hat Certificate System:/usr/share/pki:/sbin/nologin
[root@jennyv1 yum.repos.d]# more /etc/group | grep pkiuser
pkiuser:x:504:
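
Added example (not part of the bug report or of the Dogtag packaging scripts): a shell check that classifies a host's "pkiuser" entry as the reserved 17:17 pair or the random fallback shown in Comment 10, and names any other account holding UID 17. The function names and the sample account "otheracct" are assumptions made for this example.

```shell
# Classify how "pkiuser" was allocated, reading passwd/group-format files.
# Usage: check_pkiuser [PASSWD_FILE] [GROUP_FILE]
# Prints one of: reserved | fallback | missing | mismatch
PKI_NAME=pkiuser
PKI_ID=17

check_pkiuser() {
    passwd_file=${1:-/etc/passwd}
    group_file=${2:-/etc/group}

    # passwd fields: name:passwd:uid:gid:gecos:home:shell
    uid=$(awk -F: -v n="$PKI_NAME" '$1 == n { print $3; exit }' "$passwd_file")
    pgid=$(awk -F: -v n="$PKI_NAME" '$1 == n { print $4; exit }' "$passwd_file")
    # group fields: name:passwd:gid:members
    gid=$(awk -F: -v n="$PKI_NAME" '$1 == n { print $3; exit }' "$group_file")

    if [ -z "$uid" ] || [ -z "$gid" ]; then
        echo missing; return 0
    fi
    # The primary GID in passwd must match the pkiuser group entry.
    if [ "$pgid" != "$gid" ]; then
        echo mismatch; return 0
    fi
    if [ "$uid" = "$PKI_ID" ] && [ "$gid" = "$PKI_ID" ]; then
        echo reserved
    else
        echo fallback
    fi
}

# Print the name of any account other than pkiuser that holds UID 17.
uid_holder() {
    awk -F: -v id="$PKI_ID" -v n="$PKI_NAME" \
        '$3 == id && $1 != n { print $1; exit }' "${1:-/etc/passwd}"
}

# Constructed sample mirroring the "UID - GID 17 not available" case.
demo_dir=$(mktemp -d)
printf '%s\n' 'otheracct:x:17:17:constructed sample:/:/sbin/nologin' \
    'pkiuser:x:504:504:Red hat Certificate System:/usr/share/pki:/sbin/nologin' \
    > "$demo_dir/passwd"
printf '%s\n' 'otheracct:x:17:' 'pkiuser:x:504:' > "$demo_dir/group"
echo "pkiuser allocation: $(check_pkiuser "$demo_dir/passwd" "$demo_dir/group")"
echo "UID $PKI_ID held by: $(uid_holder "$demo_dir/passwd")"
rm -rf "$demo_dir"
```

A "fallback" result means the account's UID/GID can differ from host to host, so file ownership on restored backups or shared storage should be checked by name rather than by number.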

