Re: fedora-usermgmt

On Tue, 2011-12-20 at 12:59 +0100, Michael Schwendt wrote:
> On Tue, 20 Dec 2011 12:24:21 +0100, SC (Simone) wrote:
> 
> > Hello,
> > 
> > can you please explain that a bit further? I don't think I understand,
> > I see this reference at
> > http://fedoraproject.org/wiki/PackageUserCreation:
> 
> You've quoted the relevant part. Here:
> 
> > Another solution might be semi-static UIDs, which are relative to a
> > system-wide value and unique for the entire Fedora Project. The
> > current (experimental) implementation uses the file
> > /etc/fedora/usermgmt/baseuid to configure the value to which the
> > relative UID would be added. As an example, when
> > /etc/fedora/usermgmt/baseuid contains "30000", the user 'joe', with
> > the semi-static UID 23, will get the final UID 30023 (30000+23)."

Yep, and that's what bacula is working with - Simone mentioned
http://fedoraproject.org/wiki/PackageUserRegistry - which was created
for this experimental implementation based on baseuid - and 33 is
reserved there for the bacula user/group. But this reservation is not for
the 33:33 uid/gid pair, but for the baseuid+33:baseuid+33 uid/gid pair (and
fedora-useradd or the %fedora_useradd macro should be used for it instead of
shadow-utils /usr/sbin/useradd).

> So, if you drop using fedora-usermgmt, you cannot keep the relative (!)
> uid 33 that has been registered for it. 33 is "amandabackup":
> 
>   $ rpm -qd setup
>   /usr/share/doc/setup-2.8.36/COPYING
>   /usr/share/doc/setup-2.8.36/uidgid           <-- (!)
> 
> Package "setup"'s %changelog mentions a lot of activity related to reserving
> system uids/gids.

Yep, that's right, 33 is reserved for the amandabackup user ...
Please note that a threshold of 200 is now used for statically allocated
IDs (that's respected in useradd (shadow-utils)) - shadow-utils changed
its dynamic user creation, so now it goes downwards. This change was
done in ~F11 and no issues with it have been reported so far.

> > The file /etc/fedora/usermgmt/baseuid contains 300, so I'm guessing
> > the correct setup for Bacula would be to set 333 as the uid/gid. Is
> > that correct?
> 
> You would first need to have uid 333 registered/reserved as a fixed uid.

I don't think that this is a good idea - you should either have a static
ID (network/virtual machines facing, storing sensitive data) or dynamic
system user creation should be ok for you.

> > The previous version used fedora-usermgmt (so uid 333) but did not
> > remove the user and directory;
> 
> Well, then it isn't following the guidelines, which mention the userdel
> scriptlets. ;)
> 
> > that is pointless anyway because you
> > don't remove the directory only if you have it dynamic.
> 
> However, if the directory contains files created at run-time, the package
> should not "rm -rf" those files when uninstalling, so it could remove the
> empty dir.
> --

Greetings,
         Ondrej Vasik

--
packaging mailing list
packaging@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/packaging
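
The baseuid arithmetic discussed in this thread, as an added example that is not part of the original messages or of fedora-usermgmt: it resolves a relative UID against a baseuid file and checks the result against a passwd-format file. The function names are hypothetical, the sample files are constructed, and treating UIDs below 200 as the static range is an assumption about where the threshold mentioned above falls.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
STATIC_MAX=200   # threshold from the thread; "below 200 = static" is assumed

# resolve_uid BASEUID_FILE RELATIVE_UID: print baseuid + relative UID.
resolve_uid() {
    base=$(tr -d '[:space:]' < "$1") || return 2
    case "$base" in ''|*[!0-9]*) echo "bad baseuid in $1" >&2; return 2 ;; esac
    case "$2" in ''|*[!0-9]*) echo "bad relative uid: $2" >&2; return 2 ;; esac
    # awk adds in decimal, so a leading zero is not read as octal
    awk -v b="$base" -v r="$2" 'BEGIN { printf "%d\n", b + r }'
}

# check_uid PASSWD_FILE NAME UID: print ok, static-range or taken-by:<owner>.
check_uid() {
    owner=$(awk -F: -v uid="$3" '$3 == uid { print $1; exit }' "$1")
    if [ -n "$owner" ] && [ "$owner" != "$2" ]; then
        echo "taken-by:$owner"
    elif [ "$3" -lt "$STATIC_MAX" ]; then
        echo "static-range"
    else
        echo "ok"
    fi
}

# Constructed sample files, not copied from a real system.
make_sample() {
    printf '300\n' > "$1/baseuid"
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
amandabackup:x:33:6:constructed entry:/var/lib/amanda:/bin/bash
someservice:x:333:333:constructed entry:/var/empty:/sbin/nologin
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
uid=$(resolve_uid "$tmp/baseuid" 33)
echo "relative 33 -> $uid: $(check_uid "$tmp/passwd" bacula "$uid")"
echo "plain 33: $(check_uid "$tmp/passwd" bacula 33)"
rm -rf "$tmp"
```

With a baseuid of 300 the resolved UID 333 lands in the dynamically allocated range, so the check against existing accounts is what catches a clash there.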


