RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 805546 - when adding a user with --noprivate option gidNumber should be required
Summary: when adding a user with --noprivate option gidNumber should be required
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.3
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-03-21 14:53 UTC by Jenny Severance
Modified: 2015-01-21 20:04 UTC (History)
1 user (show)

Fixed In Version: ipa-2.2.0-9.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Clone Of:
Environment:
Last Closed: 2012-06-20 13:25:19 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0819 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2012-06-19 20:34:17 UTC

Description Jenny Severance 2012-03-21 14:53:47 UTC 
Description of problem:

When adding a user with --noprivate (don't add private user group ) the user's gidNumber should be set to the gidNumber ipausers, right now it is being set to the user's gidNumber like there was a private group added.

ipa user-add --first=test --last=test --noprivate test
-----------------
Added user "test"
-----------------
  User login: test
  First name: test
  Last name: test
  Full name: test test
  Display name: test test
  Initials: tt
  Home directory: /home/test
  GECOS field: test test
  Login shell: /bin/sh
  Kerberos principal: test
  UID: 404600032
  GID: 404600032   <========================================================
  Password: False
  Kerberos keys available: False

# ipa group-find --private test
----------------
0 groups matched
----------------
----------------------------
Number of entries returned 0



Version-Release number of selected component (if applicable):
ipa-server-2.2.0-4.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. See description
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Jenny Severance 2012-03-21 15:05:21 UTC 
Can not set to ipausers, as the default is now non-posix and it doesn't have a gidNumber .... add should fail with gidNumber required
Comment 2 Jenny Severance 2012-03-21 16:38:44 UTC 
The following automated tests were added ::


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-user-add-052: user gidnumber defaults to upg gidnumber which matches user uidnumber
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'ipa user-add --first=test --last=test testusr'
:: [   PASS   ] :: User gidnumber matches user uidnumber.  uidNumber: 404600090  gidNumber: 404600090
:: [   LOG    ] :: Duration: 13s
:: [   LOG    ] :: Assertions: 2 good, 0 bad
:: [   PASS   ] :: RESULT: ipa-user-add-052: user gidnumber defaults to upg gidnumber which matches user uidnumber

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-user-add-053: --noprivate group specified gidnumber exists - default group non-posix
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'ipa user-add --first=test --last=test --noprivate --gidnumber=404600091 testusr'
:: [   PASS   ] :: Make sure private group not added
:: [   PASS   ] :: User's gidnumber as expected.
:: [   LOG    ] :: Duration: 22s
:: [   LOG    ] :: Assertions: 3 good, 0 bad
:: [   PASS   ] :: RESULT: ipa-user-add-053: --noprivate group specified gidnumber exist - ipausers non-posix

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz805546 --noprivate group specified gid number does not exist - default group non-posix
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Executing: ipa user-add --first=test --last=test --noprivate --gidnumber=123 testusr
:: [   LOG    ] :: ERROR: Expected "ipa user-add --first=test --last=test --noprivate --gidnumber=123 testusr" to fail.
:: [   FAIL   ] :: Verify expected error message. (Expected 0, got 1)
:: [   LOG    ] :: Duration: 7s
:: [   LOG    ] :: Assertions: 0 good, 1 bad
:: [   FAIL   ] :: RESULT: ipa-user-add-054: --noprivate group specified gid number does not exist - default group non-posix

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz805546 --noprivate gidnumber not specifiec - default group posix
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Change default group to testgrp gidnumber: 404600094
:: [   PASS   ] :: Running 'ipa user-add --first=test --last=test --noprivate testusr'
:: [   PASS   ] :: Make sure private group not added
:: [   FAIL   ] :: User's gidnumber not as expected.  Expected: 404600094  Got: 404600095 
:: [   LOG    ] :: Duration: 25s
:: [   LOG    ] :: Assertions: 3 good, 1 bad
:: [   FAIL   ] :: RESULT: ipa-user-add-055: --noprivate gidnumber not specifiec - default group posix

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz805546 when adding a user with --noprivate option the gidNumber should be required
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Executing: ipa user-add --first=test --last=test --noprivate testusr
:: [   LOG    ] :: ERROR: Expected "ipa user-add --first=test --last=test --noprivate testusr" to fail.
:: [   FAIL   ] :: Verify expected error message. (Expected 0, got 1)
:: [   LOG    ] :: Duration: 7s
:: [   LOG    ] :: Assertions: 0 good, 1 bad
:: [   FAIL   ] :: RESULT: bz805546 when adding a user with --noprivate option the gidNumber should be required
Comment 3 Martin Kosek 2012-03-22 08:40:04 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2572
Comment 4 Martin Kosek 2012-04-05 13:06:11 UTC 
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/cdebb29fecdd959808b4f0ea0245e371eba06eae
ipa-2-2: https://fedorahosted.org/freeipa/changeset/811faafeecbbba7cc8a16ad7b16d2a64643f3202
Comment 8 Martin Kosek 2012-04-25 09:41:12 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 9 Jenny Severance 2012-05-03 14:01:16 UTC 
verified ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-user-add-052: user gidnumber defaults to upg gidnumber which matches user uidnumber
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'ipa user-add --first=test --last=test testusr'
:: [   PASS   ] :: User gidnumber matches user uidnumber.  uidNumber: 1895200026  gidNumber: 1895200026
:: [   LOG    ] :: Duration: 8s
:: [   LOG    ] :: Assertions: 2 good, 0 bad
:: [   PASS   ] :: RESULT: ipa-user-add-052: user gidnumber defaults to upg gidnumber which matches user uidnumber

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-user-add-053: --noprivate group specified gidnumber exists - default group non-posix
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'ipa user-add --first=test --last=test --noprivate --gidnumber=1895200027 testusr'
:: [   PASS   ] :: Make sure private group not added
:: [   PASS   ] :: User's gidnumber as expected.
:: [   LOG    ] :: Duration: 14s
:: [   LOG    ] :: Assertions: 3 good, 0 bad
:: [   PASS   ] :: RESULT: ipa-user-add-053: --noprivate group specified gidnumber exists - default group non-posix


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz805546 --noprivate group specified gid number does not exist - default group non-posix
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'ipa user-add --first=test --last=test --noprivate --gidnumber=123 testusr'
:: [   PASS   ] :: Make sure private group not added
:: [   PASS   ] :: User's gidnumber as expected.
:: [   PASS   ] :: Running 'ipa user-del testusr'
:: [   LOG    ] :: Duration: 8s
:: [   LOG    ] :: Assertions: 4 good, 0 bad
:: [   PASS   ] :: RESULT: bz805546 --noprivate group specified gid number does not exist - default group non-posix

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz805546 --noprivate gidnumber not specifiec - default group posix
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Change default group to testgrp gidnumber: 1895200031
:: [   PASS   ] :: Running 'ipa user-add --first=test --last=test --noprivate testusr'
:: [   PASS   ] :: Make sure private group not added
:: [   PASS   ] :: User's gidnumber as expected.
:: [   LOG    ] :: Duration: 18s
:: [   LOG    ] :: Assertions: 4 good, 0 bad
:: [   PASS   ] :: RESULT: bz805546 --noprivate gidnumber not specifiec - default group posix

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz805546 when adding a user with --noprivate option the gidNumber should be required
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Executing: ipa user-add --first=test --last=test --noprivate testusr
:: [   LOG    ] :: "ipa user-add --first=test --last=test --noprivate testusr" failed as expected.
:: [   PASS   ] :: Error message as expected: ipa: ERROR: Default group for new users is not POSIX
:: [   PASS   ] :: Verify expected error message.
:: [   LOG    ] :: Duration: 6s
:: [   LOG    ] :: Assertions: 2 good, 0 bad
:: [   PASS   ] :: RESULT: bz805546 when adding a user with --noprivate option the gidNumber should be required


version ::

ipa-server-2.2.0-11.el6
Comment 11 errata-xmlrpc 2012-06-20 13:25:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html
Note You need to log in before you can comment on or make changes to this bug.