On Wed, May 18, 2016 at 3:54 PM, Przemek Klosowski <przemek.klosow...@nist.gov> wrote:
> No I'm linking the policy as it has all the relevant guidelines for this > situation along with specific example script samples and the process that > needs to be followed with FPC if not using dynamic application and wanting a > static assignment. > > I believe that mongoDB has already acquired static GID and UID (184, per > https://git.fedorahosted.org/cgit/setup.git/tree/uidgid#n151) but is only > using the UID, not GID---and this is what Marek proposed to fix. Am I > mistaken? Sometimes it helps to be explicit. By default, in most configurations, useradd will add the same gid for the user unless one is stated explicitly otherwise. But I've seen one confused account addition, especially one where an account is added and deleted but the matching group is *not* deleted, to leave an obsolete group and gid active and cause the semi-automatic numbering for gids to be incremented by one or sometimes even more. It's much worse among the non-system accounts, where casual local experts do things like hand-building mysql and tomcat and apache, and activate group accounts for them in userland instead of using system accounts. Security hilarity ensues. -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
