[Freeipa-devel] [PATCH 494] install: create kdcproxy user during server install
Christian Heimes
cheimes at redhat.com
Wed Sep 23 10:49:06 UTC 2015
On 2015-09-23 12:40, Jan Cholasta wrote:
> On 23.9.2015 11:44, Christian Heimes wrote:
>> On 2015-09-23 10:54, Jan Cholasta wrote:
>>>> Correction, the HTTP server works, but it spits lots of errors in
>>>> error_log about /var/lib/kdcproxy not existing.
>>>>
>>>> Is the KDCProxy supposed to be installked/enabled on upgrade ?
>>>> If not, why not ?
>>>> Even if it is not enabled, shouldn't the user be created just in case ?
>>>
>>> Fixed, patch attached.
>>
>> I haven't tested the patch yet. It looks like the kdcproxy user doesn't
>> own its home directory. Please chown /var/lib/kdcproxy.
>
> I can't chown it because the user may not exist at RPM install time. It
> doesn't matter anyway, since nothing is ever stored in the directory and
> KDC proxy works just fine. The same thing is done for the DS user and
> nobody complained so far, so I assumed it should be OK for KDC proxy as
> well.
I think we have a slight misunderstanding here. :) Of course you can't
set the owner at RPM install time. I wasn't talking about chown-ing the
directory in RPM, but chown-ing the directory after or inside the
tasks.create_system_user() call. Sorry for the confusion!
AFAIK neither mod_wsgi nor python-kdcproxy need a writeable home
directory. It's not guaranteed for eternity, though.
Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150923/0b6ae2a0/attachment.sig>
More information about the Freeipa-devel
mailing list