[Users] Guest Agent
Thomas Suckow
thomas.suckow at pnnl.gov
Mon Nov 25 17:26:46 UTC 2013
On 11/25/2013 04:44 AM, Vinzenz Feenstra wrote:
> On 11/25/2013 01:38 PM, Gianluca Cecchi wrote:
>> On Mon, Nov 25, 2013 at 1:12 PM, Vinzenz Feenstra wrote:
>>> On 11/25/2013 01:09 PM, Vinzenz Feenstra wrote:
>>>> On 11/25/2013 12:54 PM, Patrick Hurrelmann wrote:
>>>>> If you had rhev-guest-agent installed before, then manually remove the
>>>>> user rhevagent and group rhevagent before installing ovirt-guest-agent.
>>>>> the ovirt-guest-agent reuses the same uid and gid, but fails to add them
>>>>> upon install when the rhev user and group is still existing.
>>>> Ah yeah that explains it. Well I am not sure if the workaround for this is
>>>> appropriate in the rpm.
>>>> I think that should be fixed on the system, it's not really expected that
>>>> someone would be 'upgrading' from the rhev-agent
>>> "it's not really expected that someone would be 'upgrading' from the
>>> rhev-agent" to the ovirt-guest-agent.
>>>
>>>>> Regards
>>>>> Patrick
>>>>>
>> Patrick was right
>> Having before installed and then removed rhev-agent to test
>> ovirt-agent I still had:
>>
>> passwd
>> rhevagent:x:175:175:RHEV Agent:/:/sbin/nologin
>> ovirtagent:x:175:175:oVirt Guest Agent:/:/sbin/nologin
>>
>> group
>> rhevagent:x:175:
>>
>> So after removing ovirt-guest-agent and
>> userdel ovirtagent
>> groupdel rhevagent
>>
>> verified no more entries and reinstalled ovirt-guest-agent, now only
>>
>> passwd
>> ovirtagent:x:175:175:oVirt Guest Agent:/:/sbin/nologin
>>
>> group
>> ovirtagent:x:175:
>>
>>
>> [root at c510 ~]# service ovirt-guest-agent start
>> Starting ovirt-guest-agent: [ OK ]
>>
>> [root at c510 ~]# service ovirt-guest-agent status
>> ovirt-guest-agent (pid 3527) is running...
>>
>> Only entry in log file:
>> MainThread::INFO::2013-11-25
>> 13:30:29,676::ovirt-guest-agent::37::root::Starting oVirt guest agent
>>
>> and I'm able to see again IP, installed applications, ecc for the VM
>> So the rpm itself seems ok.
>> Eventually it could be useful to verify no rhev-agent package exist
>> and no other user/group with same id.
>> Should it considered a standard way of proceeding to delete user group
>> or not in general?
>> Because in this case as a post-uninstall step could be safe to remove them.
> Usually you don't remove groups and users in rpms. It's actually
> mentioned in the Fedora Packaging guidelines:
> https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Allocation_Strategies
>
> Quote:
> * Do not remove users or groups*
> **We never remove users or groups created by packages. There's no sane
> way to check if files owned by those users/groups are left behind (and
> even if there would, what would we do with them?) and leaving those
> behind with ownerships **pointing to now nonexistent users/groups may
> result in security issues when a semantically unrelated user/group is
> created later and reuses the UID/GID. Also, in some setups deleting
> the user/group might not be possible or/nor desirable **(eg. when
> using a shared, remote user/group database). Cleanup of unused
> users/groups is left to the system administrators to take care of if
> they so desire.
>> Thanks,
>> Gianluca
>
Why not just reuse the rhev-agent username, it is what it is reserved
as? Then just add a conflict with the rhev RPM so they cannot be
installed together.
Though upgrading systems using ovirt-guest-agent username would be tricky.
-
Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20131125/18c17189/attachment-0001.html>
More information about the Users
mailing list