Why only optional: "Create system groups and users with particular group and user IDs" ?


Ville Kanninen

Sep 23, 2022, 3:07:49 PM
to dcm4che
Both in the instructions ...
- "Run secured archive services and Elastic Stack on a single host" and
- "Run secured archive services on a single host"
... there is an optional procedure: Create system groups and users with particular group and user IDs used by the archive services on the host.

What is the effect of doing vs. not doing it?

If you don't do it, do you have to do something differently in the later steps of the installation?


Todd Jensen

Sep 24, 2022, 5:35:17 PM
to dcm4che
There is no need to do anything else later in the installation whether you do or do not create the system groups and users.

The difference is when you view the ownership of the files created by the services - you will see numbers corresponding to the user and group versus a user name or group name.

Todd Jensen, PhD
Jensen Informatics LLC

Ville Kanninen

Sep 26, 2022, 12:25:45 PM
to dcm4che
Ah, of course, that makes sense. Thank you for your answer.

I was asking the question because in a standard installation of Ubuntu Server 22.04.1:
- User lxd is given uid 999, so you cannot directly add user postgres-dcm4chee having uid 999
- Also, if you make a mistake and install docker before creating the group postgres-dcm4chee, docker will take gid 999

I wonder why so much Linux and Docker software has a strange fixation on always trying to reserve uid and gid 999 for itself :-)

I have had a similar kind of problem earlier with Ubuntu Server 20.04. There the installation creates a systemd-coredump user having uid 999 and a group having gid 999. I solved that by manually changing the systemd-coredump uid and gid this way: https://www.thegeekdiary.com/how-to-correctly-change-the-uid-and-gid-of-a-user-group-in-linux/

I made short tests with Ubuntu Server 22.04.1 (without yet installing the newest dcm4chee 5.28) and found at least 3 alternatives:

1. Omit the whole thing, do not create user and group postgres-dcm4chee
- In the Linux side, Postgres files are then owned by the user lxd
- After installing docker, group 999 is docker's group
- I guess this does not affect the function of dcm4chee itself at all (? did not test), although it's a little strange, confusing and not very clean from a security point of view

2. Manually change user lxd uid to something else and then create user and group postgres-dcm4chee
- https://www.thegeekdiary.com/how-to-correctly-change-the-uid-and-gid-of-a-user-group-in-linux/ and after that
- sudo groupadd -r postgres-dcm4chee --gid=999 && sudo useradd -r -g postgres-dcm4chee --uid=999 postgres-dcm4chee

3. Change the installation sequence:
- Install Ubuntu Server 22.04.1 first as a minimal installation: this does not create the user lxd, but creates group lxd having gid 110
- Reserve now uid and gid 999 for postgres-dcm4chee: sudo groupadd -r postgres-dcm4chee --gid=999 && sudo useradd -r -g postgres-dcm4chee --uid=999 postgres-dcm4chee
- Run "sudo unminimize". User lxd is now created with uid 998 (group lxd stays there with gid 110)
- If needed, also run sudo apt install ubuntu-server; it will add some things unminimize will not do
- Note: I don't know how much the end result differs from an actual standard Ubuntu Server 22.04.1 installation

Probably I will do number 2 above, i.e. a similar thing as with the older Ubuntu: I will manually change user lxd uid from 999 to 1999.

How are others solving this?


Ville
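
The uid/gid 999 collision described in this thread can be detected before running groupadd/useradd, so that the Postgres files do not end up attributed to an unrelated host account such as lxd. The script below is an added example, not part of the thread or of the dcm4che instructions; the function names id_owner and check_reserved_id and the sample passwd/group lines are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for a fixed uid/gid before creating a service account.
# The file arguments let it run against constructed samples; on a real host
# pass /etc/passwd and /etc/group.

# Print the name of the entry whose 3rd field (uid in passwd, gid in group)
# equals ID. Prints nothing when the ID is unused.
id_owner() {  # usage: id_owner FILE ID
  awk -F: -v id="$2" '$3 == id { print $1; exit }' "$1"
}

# Classify the state of ID for the account NAME:
#   free      neither uid nor gid is taken, safe to create user and group
#   ok        uid and gid both already belong to NAME
#   conflict  uid and/or gid belongs to another account, or only half exists
check_reserved_id() {  # usage: check_reserved_id NAME ID PASSWD_FILE GROUP_FILE
  cri_user=$(id_owner "$3" "$2")
  cri_group=$(id_owner "$4" "$2")
  if [ -z "$cri_user" ] && [ -z "$cri_group" ]; then
    echo "free"
  elif [ "$cri_user" = "$1" ] && [ "$cri_group" = "$1" ]; then
    echo "ok"
  else
    echo "conflict uid=${cri_user:-unused} gid=${cri_group:-unused}"
  fi
}

# Constructed sample data modelled on the two situations in the thread:
# "std" = lxd holds uid 999 and docker holds gid 999; "min" = 999 still unused.
sample_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
              'lxd:x:999:110::/nonexistent:/bin/false' > "$sample_dir/passwd.std"
printf '%s\n' 'root:x:0:' 'lxd:x:110:' 'docker:x:999:' > "$sample_dir/group.std"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' > "$sample_dir/passwd.min"
printf '%s\n' 'root:x:0:' 'lxd:x:110:' > "$sample_dir/group.min"

check_reserved_id postgres-dcm4chee 999 "$sample_dir/passwd.std" "$sample_dir/group.std"
check_reserved_id postgres-dcm4chee 999 "$sample_dir/passwd.min" "$sample_dir/group.min"
```

A "conflict" result names the account to renumber first; "free" means the groupadd/useradd commands from the thread can be run as they are.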