https://bugzilla.redhat.com/show_bug.cgi?id=1457929 --- Comment #10 from Augusto Caringi <acaringi@xxxxxxxxxx> --- (In reply to Augusto Caringi from comment #9) > %pre > /usr/sbin/groupadd -g 28 -o -r proxysql >/dev/null 2>&1 || : > /usr/sbin/useradd -g proxysql -o -r -d /var/lib/proxysql -s /bin/false \ > -c "ProxySQL" -u 28 proxysql >/dev/null 2>&1 || : But what I think that we should do differently here is to change the UID/GID. The number 28 is reserved to nscd (/usr/share/doc/setup/uidgid): nscd 28 28 / /bin/false nscd Why they chose this specific number? I'm not sure, but probably because is 27 (mysql reserved ID) + 1: mysql 27 27 /var/lib/mysql /bin/bash mysql I was taking a look here: https://fedoraproject.org/wiki/Features/1000SystemAccounts And I think that the best option for us is to use a "Dynamically-allocated system accounts" (201-999) "Any package can use dynamic allocation; it is especially appropriate for packages that use separate identities only for privilege separation and don't create any files owned by that group/user account. Because of the limited number of soft static UIDs and GIDs available, it is better to use dynamic allocation if in doubt." (https://fedoraproject.org/wiki/Packaging:UsersAndGroups?rd=Packaging/UsersAndGroups#Allocation_Strategies) Or would be a good idea to ask for a "Statically-allocated system accounts"? "Soft static allocation ensures that multiple independently installed systems use the same UID and GID values; either UID and GID values allocated by Fedora or values that were optionally pre-allocated by the system administrator. Don't use soft static allocation unnecessarily as the number of available values is limited. Soft static allocation is only appropriate for packages where the UID or GID values are shared between computers. For instance, if the package creates files with the assigned UID or GID that are likely to be shared over NFS. Soft static allocation MUST be evaluated by the FPC." -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
