Project

General

Profile

Feature #20545

Problems with the default 'frontend' user in the Factory

Added by Marco Mambelli 11 months ago. Updated 29 days ago.

Status:
Closed
Priority:
Normal
Category:
Factory
Target version:
Start date:
08/03/2018
Due date:
% Done:

0%

Estimated time:
Stakeholders:
Duration:

Description

Krista highlighted some problems w/ the Factory RPM installation:
1. it is creating a frontend user w/ default uid and gid
2. the frontend user has a not existing home dir (this should not be a problem since it has no login)
3. /var/log/condor has a strange ownership (uid:gid not matching existing users

With the RPM installation, we are aiming at something that can work out of the box with the default configuration and setup. So the setup is consistent w/ the configuration using the frontend user. And is creating it if not already there.
The solution for choosing the user ID you prefer (in a distributed system, with shared files, ...) is to create the user before the GlideinWMS installation.

We did not think of a setup using a set of names not including ‘frontend’ (you need one or more frontend users, but the usernames could all be different from frontend). It makes totally sense not to have frontend and we should not create a user that is not used.

The non-existent home dir is not important and can be ignored since the user has not login privileges. Anyway that will be fixed as well in 3.5

The last problem w/ the condor log dir should not happen and I don’t understand why it is happening.
Beside the RPM dependency from condor and some condor configuration file, GWMS is not modifying condor installation and /var/log/condor is not mentioned in the RPM install or setups.
It is creating the condor user if not already there (condor RPM install does this), but that one is a reasonable requirement.
All this should not affect the log dir.

The IDs sent in the email from Krista seem not to belong to any user, would be good to check ‘getent passwd 992’ and ‘getent group 988’?
And also grep /etc/passwd and /etc/groups for them?

When creating the layout, migration tools and setup for 3.5 keep this in mind

History

#1 Updated by Brian Bockelman 11 months ago

The IDs sent in the email from Krista seem not to belong to any user, would be good to check ‘getent passwd 992’ and ‘getent group 988’?
And also grep /etc/passwd and /etc/groups for them?

There's a standard recipe for this:

https://fedoraproject.org/wiki/Packaging:UsersAndGroups

In particular, you don't want to grep through files...

#2 Updated by Lorena Lobato Pardavila 11 months ago

  • Assignee set to Lorena Lobato Pardavila

#3 Updated by Marco Mambelli 8 months ago

  • Status changed from New to Closed
  • Assignee changed from Lorena Lobato Pardavila to Marco Mambelli

1. Will no more be a problem since with [#20215] the Factory will run under a single user
2. See 1 (then no home dir is not a problem if there is no login)
3. Following up with Krista, the problem mentioned was caused b puppet rules unrelated to GWMS and it has been solved

So this ticket can be closed



Also available in: Atom PDF