[Freeipa-devel] [PATCH 0075] Change group ownership of CRL publish directory

Martin Kosek mkosek at redhat.com
Thu Jun 20 15:33:53 UTC 2013


On 06/20/2013 05:15 PM, Tomas Babej wrote:
> Hi,
> 
> Spec file modified so that /var/lib/ipa/pki-ca/publish/ is owned
> by pkiuser group.
> 
> https://fedorahosted.org/freeipa/ticket/3727
> 
> Tomas
> 

NACK. This won't fly. pkiuser is created by FreeIPA when the server is installed,
thus you cannot just simply change ownership in our spec file because at the
time when the package is installed or updated, pkiuser may not exist.

I think you need to delete the %attr from the spec file and set the correct
ownership during ipa-{server,ca}-install. When the CA is configured, we should also
probably let ipa-upgradeconfig check this directory and amend it when necessary
(to fix affected IPA CA instances).

Martin
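
Added example, not part of the original message and not FreeIPA code: an idempotent ownership check of the kind the reply describes, which an install or upgrade step could call once the group exists. The function name and return values are hypothetical; the path and group name are the ones from the thread.

```python
import grp
import os

# Path and group name as given in the thread.
CRL_PUBLISH_DIR = "/var/lib/ipa/pki-ca/publish"
PKI_GROUP = "pkiuser"


def ensure_group_owner(path=CRL_PUBLISH_DIR, group=PKI_GROUP):
    """Give `path` to `group` if needed; safe to call on every install/upgrade.

    Hypothetical helper. Returns "group-missing", "dir-missing",
    "ok" (already correct) or "fixed".
    """
    try:
        gid = grp.getgrnam(group).gr_gid
    except KeyError:
        # The case raised in the reply: at package install or update time the
        # group may not exist yet, so there is nothing to chown to.
        return "group-missing"

    try:
        # O_DIRECTORY | O_NOFOLLOW: refuse a symlink or non-directory at the
        # final path component, since this would normally run as root.
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except FileNotFoundError:
        return "dir-missing"

    try:
        # Work on the open descriptor so the check and the change apply to
        # the same directory even if the path is swapped in between.
        if os.fstat(fd).st_gid == gid:
            return "ok"
        os.fchown(fd, -1, gid)  # -1 leaves the owning user unchanged
        return "fixed"
    finally:
        os.close(fd)


if __name__ == "__main__":
    print(ensure_group_owner())
```
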



