This is a multi-part message in MIME format.
--------------000107090503030801030506
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
On 11/25/2013 04:44 AM, Vinzenz Feenstra wrote:
On 11/25/2013 01:38 PM, Gianluca Cecchi wrote:
> On Mon, Nov 25, 2013 at 1:12 PM, Vinzenz Feenstra wrote:
>> On 11/25/2013 01:09 PM, Vinzenz Feenstra wrote:
>>> On 11/25/2013 12:54 PM, Patrick Hurrelmann wrote:
>>>> If you had rhev-guest-agent installed before, then manually remove the
>>>> user rhevagent and group rhevagent before installing ovirt-guest-agent.
>>>> the ovirt-guest-agent reuses the same uid and gid, but fails to add them
>>>> upon install when the rhev user and group is still existing.
>>> Ah yeah that explains it. Well I am not sure if the workaround for this is
>>> appropriate in the rpm.
>>> I think that should be fixed on the system, it's not really expected
that
>>> someone would be 'upgrading' from the rhev-agent
>> "it's not really expected that someone would be 'upgrading' from
the
>> rhev-agent" to the ovirt-guest-agent.
>>
>>>> Regards
>>>> Patrick
>>>>
> Patrick was right
> Having before installed and then removed rhev-agent to test
> ovirt-agent I still had:
>
> passwd
> rhevagent:x:175:175:RHEV Agent:/:/sbin/nologin
> ovirtagent:x:175:175:oVirt Guest Agent:/:/sbin/nologin
>
> group
> rhevagent:x:175:
>
> So after removing ovirt-guest-agent and
> userdel ovirtagent
> groupdel rhevagent
>
> verified no more entries and reinstalled ovirt-guest-agent, now only
>
> passwd
> ovirtagent:x:175:175:oVirt Guest Agent:/:/sbin/nologin
>
> group
> ovirtagent:x:175:
>
>
> [root@c510 ~]# service ovirt-guest-agent start
> Starting ovirt-guest-agent: [ OK ]
>
> [root@c510 ~]# service ovirt-guest-agent status
> ovirt-guest-agent (pid 3527) is running...
>
> Only entry in log file:
> MainThread::INFO::2013-11-25
> 13:30:29,676::ovirt-guest-agent::37::root::Starting oVirt guest agent
>
> and I'm able to see again IP, installed applications, ecc for the VM
> So the rpm itself seems ok.
> Eventually it could be useful to verify no rhev-agent package exist
> and no other user/group with same id.
> Should it considered a standard way of proceeding to delete user group
> or not in general?
> Because in this case as a post-uninstall step could be safe to remove them.
Usually you don't remove groups and users in rpms. It's actually
mentioned in the Fedora Packaging guidelines:
https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Allocation_Strate...
Quote:
* Do not remove users or groups*
**We never remove users or groups created by packages. There's no sane
way to check if files owned by those users/groups are left behind (and
even if there would, what would we do with them?) and leaving those
behind with ownerships **pointing to now nonexistent users/groups may
result in security issues when a semantically unrelated user/group is
created later and reuses the UID/GID. Also, in some setups deleting
the user/group might not be possible or/nor desirable **(eg. when
using a shared, remote user/group database). Cleanup of unused
users/groups is left to the system administrators to take care of if
they so desire.
> Thanks,
> Gianluca
Why not just reuse the rhev-agent username, it is what it is reserved
as? Then just add a conflict with the rhev RPM so they cannot be
installed together.
Though upgrading systems using ovirt-guest-agent username would be tricky.
-
Thomas
--------------000107090503030801030506
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
<html>
<head>
<meta content="text/html; charset=UTF-8"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 11/25/2013 04:44 AM, Vinzenz
Feenstra wrote:<br>
</div>
<blockquote cite="mid:52934629.9090805@redhat.com"
type="cite">
<meta content="text/html; charset=UTF-8"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 11/25/2013 01:38 PM, Gianluca
Cecchi wrote:<br>
</div>
<blockquote
cite="mid:CAG2kNCwPh9K8oOYrEu5BruUjh6Lv28f6eHz20BPRTf7gsrE7Hw@mail.gmail.com"
type="cite">
<pre wrap="">On Mon, Nov 25, 2013 at 1:12 PM, Vinzenz Feenstra
wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On 11/25/2013 01:09 PM, Vinzenz Feenstra wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On 11/25/2013 12:54 PM, Patrick Hurrelmann
wrote:
</pre>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">If you had rhev-guest-agent installed before,
then manually remove the
user rhevagent and group rhevagent before installing ovirt-guest-agent.
the ovirt-guest-agent reuses the same uid and gid, but fails to add them
upon install when the rhev user and group is still existing.
</pre>
</blockquote>
<pre wrap="">Ah yeah that explains it. Well I am not sure if
the workaround for this is
appropriate in the rpm.
I think that should be fixed on the system, it's not really expected that
someone would be 'upgrading' from the rhev-agent
</pre>
</blockquote>
<pre wrap="">"it's not really expected that someone
would be 'upgrading' from the
rhev-agent" to the ovirt-guest-agent.
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">Regards
Patrick
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">
Patrick was right
Having before installed and then removed rhev-agent to test
ovirt-agent I still had:
passwd
rhevagent:x:175:175:RHEV Agent:/:/sbin/nologin
ovirtagent:x:175:175:oVirt Guest Agent:/:/sbin/nologin
group
rhevagent:x:175:
So after removing ovirt-guest-agent and
userdel ovirtagent
groupdel rhevagent
verified no more entries and reinstalled ovirt-guest-agent, now only
passwd
ovirtagent:x:175:175:oVirt Guest Agent:/:/sbin/nologin
group
ovirtagent:x:175:
[root@c510 ~]# service ovirt-guest-agent start
Starting ovirt-guest-agent: [ OK ]
[root@c510 ~]# service ovirt-guest-agent status
ovirt-guest-agent (pid 3527) is running...
Only entry in log file:
MainThread::<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="INFO::2013-11-25">INFO::2013-11-25</a>
13:30:29,676::ovirt-guest-agent::37::root::Starting oVirt guest agent
and I'm able to see again IP, installed applications, ecc for the VM
So the rpm itself seems ok.
Eventually it could be useful to verify no rhev-agent package exist
and no other user/group with same id.
Should it considered a standard way of proceeding to delete user group
or not in general?
Because in this case as a post-uninstall step could be safe to remove them.</pre>
</blockquote>
Usually you don't remove groups and users in rpms. It's actually
mentioned in the Fedora Packaging guidelines:
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Alloca...
<br>
Quote:<br>
<b> Do not remove users or groups</b><br>
<b> </b>We never remove users or groups created by packages.
There's no sane way to check if files owned by those users/groups
are left behind (and even if there would, what would we do with
them?) and leaving those behind with ownerships <b> </b>pointing
to now nonexistent users/groups may result in security issues when
a semantically unrelated user/group is created later and reuses
the UID/GID. Also, in some setups deleting the user/group might
not be possible or/nor desirable <b> </b>(eg. when using a
shared, remote user/group database). Cleanup of unused
users/groups is left to the system administrators to take care of
if they so desire.<br>
<blockquote
cite="mid:CAG2kNCwPh9K8oOYrEu5BruUjh6Lv28f6eHz20BPRTf7gsrE7Hw@mail.gmail.com"
type="cite">
<pre wrap="">
Thanks,
Gianluca
</pre>
</blockquote>
<br>
</blockquote>
Why not just reuse the rhev-agent username, it is what it is
reserved as? Then just add a conflict with the rhev RPM so they
cannot be installed together.<br>
<br>
Though upgrading systems using ovirt-guest-agent username would be
tricky.<br>
<br>
-<br>
Thomas<br>
</body>
</html>
--------------000107090503030801030506--