From 8a9c5629214cd71e88a5ac9c1b639faad9fc4ec1 Mon Sep 17 00:00:00 2001
From: Frederik Himpe <frederik@frehi.be>
Date: Tue, 25 Feb 2025 13:49:23 +0100
Subject: [PATCH] Make name of nobody group configurable and use nogroup on
 Debian

Fixes: https://pagure.io/freeipa/issue/9753

Signed-off-by: Frederik Himpe <frederik@frehi.be>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 ipaplatform/base/constants.py        | 1 +
 ipaplatform/debian/constants.py      | 1 +
 ipaserver/install/adtrustinstance.py | 6 ++++--
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/ipaplatform/base/constants.py b/ipaplatform/base/constants.py
index f1ef7efff..4c8038a84 100644
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -124,6 +124,7 @@ class BaseConstantsNamespace:
     NAMED_OPTIONS_VAR = "OPTIONS"
     NAMED_OPENSSL_ENGINE = None
     NAMED_ZONE_COMMENT = ""
+    NOBODY_GROUP = Group("nobody")
     PKI_USER = User("pkiuser")
     PKI_GROUP = Group("pkiuser")
     # ntpd init variable used for daemon options
diff --git a/ipaplatform/debian/constants.py b/ipaplatform/debian/constants.py
index 7216694ad..f8ee8cf9f 100644
--- a/ipaplatform/debian/constants.py
+++ b/ipaplatform/debian/constants.py
@@ -29,5 +29,6 @@ class DebianConstantsNamespace(BaseConstantsNamespace):
     ODS_USER = User("opendnssec")
     ODS_GROUP = Group("opendnssec")
     SECURE_NFS_VAR = "NEED_GSSD"
+    NOBODY_GROUP = Group("nogroup")
 
 constants = DebianConstantsNamespace()
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index fd5a5a282..df2586ef1 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -123,9 +123,11 @@ def make_netbios_name(s):
 def map_Guests_to_nobody():
     env = {'LC_ALL': 'C'}
     args = [paths.NET, '-s', '/dev/null', 'groupmap', 'add',
-            'sid=S-1-5-32-546', 'unixgroup=nobody', 'type=builtin']
+            'sid=S-1-5-32-546',
+            'unixgroup="' + constants.NOBODY_GROUP + '"', 'type=builtin']
 
-    logger.debug("Map BUILTIN\\Guests to a group 'nobody'")
+    logger.debug("Map BUILTIN\\Guests to a group '%s'",
+                 constants.NOBODY_GROUP)
     ipautil.run(args, env=env, raiseonerr=False, capture_error=True)
 
 
-- 
2.48.1