Bug 991508 - Add more detailed information about reserved uids/gids on RHEL [NEEDINFO]
Add more detailed information about reserved uids/gids on RHEL
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: doc-Deployment_Guide (Show other bugs)
6.4
Unspecified Unspecified
high Severity unspecified
: rc
: ---
Assigned To: Maxim Svistunov
ecs-bugs
: Documentation
Depends On: 991502
Blocks: 991505
  Show dependency treegraph
 
Reported: 2013-08-02 11:23 EDT by Dave Sullivan
Modified: 2016-05-25 13:34 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-05-25 13:34:31 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
dsulliva: needinfo? (sghosh)


Attachments (Terms of Use)

  None (edit)
Description Dave Sullivan 2013-08-02 11:23:15 EDT
Document URL: 

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Deployment_Guide/index.html#ch-Managing_Users_and_Groups

Section Number and Name: 

Chapter 3. Managing Users and Groups

Describe the issue: 

Reserved uids/gids are documented within the setup rpm.  It would be nice to make a reference to that.

cat /usr/share/doc/setup-2.8.14/uidgid

Also it would be nice to incorporate the information supplied here.

https://fedoraproject.org/wiki/Packaging:UsersAndGroups

Suggestions for improvement: 

Additional information: 

Specifically the allocation strategies.  If you look at those scripts you can sort of see how you prevent yourself from running into problems with uid/gid relative to using the dynamic allocation strategy.  

So it does look like setup rpm is the right spot, it's just a matter of folks following the FCP process for obtaining a soft static uid/gid.

we need to expose this to the RHEL Product PMs to ensure they are following this process.  As well as exposing this to third party/hardware partner vendors as well.

Because as we have seen from the setup rpm we are missing documented uid/gid for openstack, and I suspect there are others.

The other thing is that we will have to work on is migrating the above documentation into RHEL documentation.

On another note, it looks like there will be some movement of the reserved space going up to 1000.

So probably best to start non reserved gids at something higher then 1000, maybe 5000 is a good best practice strategy.
Comment 13 Kay Likes 2016-03-17 22:52:06 EDT
It seems that I am running into more UID/GID conflicts as more applications are added. I was wondering if any progress was made toward the following:

"we need to expose this to the RHEL Product PMs to ensure they are following this process.  As well as exposing this to third party/hardware partner vendors as well."

Also, is there a time frame and discussion regarding the following?

"On another note, it looks like there will be some movement of the reserved space going up to 1000."
Comment 14 Aneta Šteflová Petrová 2016-04-08 12:17:43 EDT
Hello, I'm taking over this BZ to investigate the problem. I will keep you updated on my progress.
Comment 17 Aneta Šteflová Petrová 2016-04-20 07:19:32 EDT
(In reply to Kay Likes from comment #13)
> It seems that I am running into more UID/GID conflicts as more applications
> are added. I was wondering if any progress was made toward the following:
> 
> "we need to expose this to the RHEL Product PMs to ensure they are following
> this process.  As well as exposing this to third party/hardware partner
> vendors as well."

I'm setting a needinfo on the reporter of this BZ: Dave, do you have any update on this?

> 
> Also, is there a time frame and discussion regarding the following?
> 
> "On another note, it looks like there will be some movement of the reserved
> space going up to 1000."

The Deployment Guide has been updated with a recommendation to assign IDs starting at 5,000. This should prevent conflicts if the reserved space goes up in the future.

Again, I'm wondering if the reporter of the BZ can provide an update: Dave, do you know about any progress in this direction?
Comment 21 Maxim Svistunov 2016-05-16 10:24:00 EDT
This Bugzilla has been resolved (with Dave's ACK in Comment 19), and the new version of the guide will be published soon, probably this week.

Kay, we have requested answers to your questions in Comment 13. Once the relevant people respond, I will inform you.

Note You need to log in before you can comment on or make changes to this bug.