Many thanks for both explanations. It seems the situation was even worse: [slaanesh@3zpc0560 ~]$ cat /usr/share/doc/setup-2.8.36/uidgid | grep bacula bacula 133 133 /var/spool/bacula /sbin/nologin bacula So the situation was as follows: - "fedora-usermgmt" created 333 (300+33) as fixed uid. - No deletion of userdir with fixed uid. - "setup" contains 133 as fixed uid. - EPEL dependency on all packages to have 333 as fixed uid. So basically I'm just triggering a rebuild of the current package but changing the uid from 33 to 133 in the specfile. No EPEL dependency, stati uid already allocated in "setup", etc. Regards, --Simone On 20 December 2011 13:23, Ondrej Vasik <ovasik@xxxxxxxxxx> wrote: > On Tue, 2011-12-20 at 12:59 +0100, Michael Schwendt wrote: >> On Tue, 20 Dec 2011 12:24:21 +0100, SC (Simone) wrote: >> >> > Hello, >> > >> > can you please explain that a bit further? I don't think I understand, >> > I see this reference at >> > http://fedoraproject.org/wiki/PackageUserCreation: >> >> You've quoted the relevant part. Here: >> >> > Another solution might be semi-static UIDs, which are relative to a >> > system-wide value and unique for the entire Fedora Project. The >> > current (experimental) implementation uses the file >> > /etc/fedora/usermgmt/baseuid to configure the value to which the >> > relative UID would be added. As an example, when >> > /etc/fedora/usermgmt/baseuid contains "30000", the user 'joe', with >> > the semi-static UID 23, will get the final UID 30023 (30000+23)." > > Yep, and that's what the bacula is working with - Simone mentioned > http://fedoraproject.org/wiki/PackageUserRegistry - which was created > for this experimental implementation based on baseuid - and 33 is > reserved there for bacula user/group . But this reservation is not for > 33:33 uidgid pair, but for baseuid+33:baseuid+33 uidgid pair (and > fedora-useradd or %fedora_useradd macro should be used for it instead of > shadow-utils /usr/sbin/useradd ) > >> So, if you drop using fedora-usermgmt, you cannot keep the relative (!) >> uid 33 that has been registered for it. 33 is "amandabackup": >> >> $ rpm -qd setup >> /usr/share/doc/setup-2.8.36/COPYING >> /usr/share/doc/setup-2.8.36/uidgid <-- (!) >> >> Package "setup"'s %changelog mentions a lot of activity related to reserving >> system uids/gids. > > Yep, that's right, 33 is reserved for amandabackup user ... > Please note that threshold of 200 is now used for statically allocated > ID's (that's respected in useradd (shadow-utils) - shadow-utils changed > its dynamic user creation, so now it goes downwards. This change was > done in ~F11 and no issues with it were reported so far. > >> > The file /etc/fedora/usermgmt/baseuid contains 300, so I'm guessing >> > the correct setup for Bacula would be to set 333 as the uid/gid. Is >> > that correct? >> >> You would first need to have uid 333 registered/reserveed as a fixed uid. > > I don't think that this is a good idea - you either should have static > ID (network/virtual machines facing, storing sensitive data) or dynamic > system user creation should be ok for you. > >> > The previous version used fedora-usermgmt (so uid 333) but did not >> > remove the user and directory; >> >> Well, then it isn't following the guidelines, which mention the userdel >> scriptlets. ;) >> >> > that is pointless anyway because you >> > don't remove the directory only if you have it dynamic. >> >> However, if the directory contains files created at run-time, the package >> should not "rm -rf" those files when uninstalling, so it could remove the >> empty dir. >> -- > > Greetings, > Ondrej Vasik > > -- > packaging mailing list > packaging@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/packaging -- You cannot discover new oceans unless you have the courage to lose sight of the shore (R. W. Emerson). -- packaging mailing list packaging@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/packaging
