On Fri, Jan 07, 2005 at 11:54:30AM +0100, Daniel Hermann wrote:
> Hi Simon,
> 
> On Fri, Jan 07, 2005 at 12:31:23PM +0900, Horms wrote:
> >
> > > 
> > > The postinst script creates a user (according to the data in
> > > /usr/lib/heartbeat/ha_config) with the uid 17, but this user is
> > > removed by update-passwd (package base-passwd) because this uid is not
> > > known to base-passwd.
> > 
> > Could you elaborate on how this occurs?
> > 
> > My understanding is that the heartbeat package is doing the right thing
> > (though it needs to move from postinst to preinst). In that if the
> > required user and group are not found they are created
> > using addgroup --system.
> > 
> > For reference:
> >         if ! getent group "$HA_APIGROUP" > /dev/null ; then
> >                 addgroup --system --group "$HA_APIGROUP" > /dev/null
> >         fi
> >         if ! getent passwd "$HA_CCMUSER" > /dev/null ; then
> >                 adduser --no-create-home --uid "$HA_CCMUID" \
> >                         --ingroup "$HA_APIGROUP" \
> >                         --gecos "Heartbeat System Account" \
> >                         --no-create-home --disabled-login \
> >                         --home /usr/lib/heartbeat --shell /bin/false  \
> >                         --disabled-password "$HA_CCMUSER" > /dev/null
> >         fi
> > 
> > 
> 
> The user is created with a fixed --uid $(HA_CCMUID) (which is 17
> according to /usr/lib/heartbeat/ha_config). The uid range below 100 is
> reserved for statically allocated system uids which should be equal on
> any Debian system. These uids are managed by the package
> "base-passwd". update-passwd (part of base-passwd) erases users which
> have a uid below 100 but are not registered in its database. It asks
> before doing that, but, AFAIU from the Debian policy, it should be
> safe for administrators to allow this, as long as the uids below 100
> are created by official Debian packages, e.g. heartbeat.

Thanks, I noticed this when I came back to this again yesterday.
I guess I was blind the first time around.

> My suggestion is to use a dynamically assigned system uid (by using
> adduser --system instead of an explicit --uid argument).
> 
> I'm not 100% sure though whether there are situations where the
> hacluster user has to have a static uid (i.e. the same uid on two
> clustered servers running heartbeat).

I have reworked things a bit so that should work. 
I hope to upload shortly.

-- 
Horms
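
The failure mode discussed in this thread, as an added example that is not part of the original messages or of the heartbeat package: a check that lists accounts in the static range (uid below 100) that are missing from a master list. The function names and sample data are constructed, and matching on the name/uid pair is an assumption that only approximates what update-passwd does.

```shell
#!/bin/sh
# Added example; sample data is constructed, not taken from a real system.

# unregistered_static_uids PASSWD_FILE MASTER_FILE   (hypothetical helper)
# Print "name:uid" for every account in PASSWD_FILE whose uid lies in the
# statically allocated range (0-99) and whose name/uid pair is missing
# from MASTER_FILE (both files in passwd(5) format).
unregistered_static_uids() {
    awk -F: '
        { key = $1 ":" $3 }
        # Records from the first file argument (the master list) are known.
        FILENAME == ARGV[1] { known[key] = 1; next }
        # Remaining records: flag static-range uids the master list lacks.
        $3 ~ /^[0-9]+$/ && $3 + 0 < 100 && !(key in known) { print key }
    ' "$2" "$1"
}

# demo: run the check on constructed files.
demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed master list of statically allocated accounts.
    printf '%s\n' \
        'root:*:0:0:root:/root:/bin/bash' \
        'daemon:*:1:1:daemon:/usr/sbin:/bin/sh' > "$tmp/master"
    # Constructed passwd file: hacluster uses the fixed uid 17 from the
    # thread; hacluster_dyn stands for a dynamically allocated system uid.
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:1:1:daemon:/usr/sbin:/bin/sh' \
        'hacluster:x:17:101:Heartbeat System Account:/usr/lib/heartbeat:/bin/false' \
        'hacluster_dyn:x:104:101:Heartbeat System Account:/usr/lib/heartbeat:/bin/false' \
        > "$tmp/passwd"
    unregistered_static_uids "$tmp/passwd" "$tmp/master"
    rm -rf "$tmp"
}

demo
```

Only the account with the fixed uid 17 is reported; the account with a dynamically allocated uid above 99 is outside the range the check covers.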

