uids for daemons on a spin

[Martin Langhoff]

2008/8/4 Ricky Zhou <ricky at fedoraproject.org>:
>> Googling for "uid policy fedora -selinux" (or redhat) does not yield
>> anything particularly interesting.
> Searching around on the wiki, I found the following pages:
> http://fedoraproject.org/wiki/Packaging/UsersAndGroups
> https://fedoraproject.org/wiki/Packaging/UserCreation
> https://fedoraproject.org/wiki/PackageUserRegistry

Thanks for the pointers! The docs on fedora-groupadd / useradd seem to
be just what I have been looking for.

Except that it doesn't seem to work - both on F7 and F9 I get

$ cat /etc/fedora/usermgmt/basegid
300
$ sudo /usr/sbin/fedora-groupadd 3 testing
## expecting 303 here -
$ grep testing /etc/group
testing:x:501:

Now, it's a bash script - and it _seems_ to be doing the right thing.
Almost. Mostly. See below:

$ sudo bash -x /usr/sbin/fedora-groupadd 3 testing
+ PATH=/usr/bin:/bin:/sbin:/usr/sbin:/usr/local/sbin
+ BASE_DIR=/etc/fedora/usermgmt
+ ARGS=("$0" "$@")
+ test -r /etc/fedora/usermgmt/baseuid
++ cat /etc/fedora/usermgmt/baseuid
+ BASE_UID=300
+ test -r /etc/fedora/usermgmt/basegid
++ cat /etc/fedora/usermgmt/basegid
+ BASE_GID=300
++ basename /usr/sbin/fedora-groupadd
+ skin=fedora-groupadd
+ skin=groupadd
+ exec_name=
+ for i in '"$BASE_DIR/scripts/$skin"' '"$BASE_DIR/$skin"'
+ test -x /etc/fedora/usermgmt/scripts/groupadd
+ exec_name=/etc/fedora/usermgmt/scripts/groupadd
+ break
+ case $skin in
+ test 3 '!=' --help
+ test 2 -ge 2
+ validateHint v 300 3
+ local tmp
+ let tmp=31
+ test 31 -ne 0
+ let tmp=300+3
+ test 303 -ge 0
+ eval 'v=$tmp'
++ v=303
+ shift
+ set -- 303 testing
+ log=/etc/fedora/usermgmt/log
+ test -e /etc/fedora/usermgmt/log -a -L /etc/fedora/usermgmt/log
+ test -n /etc/fedora/usermgmt/scripts/groupadd
+ invalidateCache
+ local rc=0
+ return 1
+ /etc/fedora/usermgmt/scripts/groupadd 303 testing #### THIS LOOKS CORRECT
+ rc=0
+ invalidateCache
+ local rc=0
+ return 1
+ invalidateCache
+ local rc=0
+ return 1
+ test 0 -eq 0
+ exit 0

and then... hrm...

$ sudo bash -x /etc/fedora/usermgmt/scripts/groupadd 303 testing
+ shift
+ exec /usr/sbin/groupadd testing

The first param to fedora-(user|group)add is supposed to be uid, which
should get added do base (g|u)id and should also get prefixed with
--uid for useradd and --gid for groupadd. When should the option name
be added I am not sure, but it should happen *somewhere*.

<curious>Is this toolchain in use?

cheers,




m
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff