[Freeipa-devel] [PATCH 494] install: create kdcproxy user during server install

Simo Sorce simo at redhat.com
Wed Sep 23 13:37:04 UTC 2015


On Wed, 2015-09-23 at 13:37 +0200, Jan Cholasta wrote:
> On 23.9.2015 12:49, Christian Heimes wrote:
> > On 2015-09-23 12:40, Jan Cholasta wrote:
> >> On 23.9.2015 11:44, Christian Heimes wrote:
> >>> On 2015-09-23 10:54, Jan Cholasta wrote:
> >>>>> Correction, the HTTP server works, but it spits lots of errors in
> >>>>> error_log about /var/lib/kdcproxy not existing.
> >>>>>
> >>>>> Is the KDCProxy supposed to be installed/enabled on upgrade?
> >>>>> If not, why not?
> >>>>> Even if it is not enabled, shouldn't the user be created just in case?
> >>>>
> >>>> Fixed, patch attached.
> >>>
> >>> I haven't tested the patch yet. It looks like the kdcproxy user doesn't
> >>> own its home directory. Please chown /var/lib/kdcproxy.
> >>
> >> I can't chown it because the user may not exist at RPM install time. It
> >> doesn't matter anyway, since nothing is ever stored in the directory and
> >> KDC proxy works just fine. The same thing is done for the DS user and
> >> nobody complained so far, so I assumed it should be OK for KDC proxy as
> >> well.
> >
> > I think we have a slight misunderstanding here. :) Of course you can't
> > set the owner at RPM install time. I wasn't talking about chown-ing the
> > directory in RPM, but chown-ing the directory after or inside the
> > tasks.create_system_user() call. Sorry for the confusion!
> >
> > AFAIK neither mod_wsgi nor python-kdcproxy need a writeable home
> > directory. It's not guaranteed for eternity, though.
> 
> OK. Updated patch attached. Added patch 496, please apply before 495.

We have 2 options:
1. Home is created and chowned at user creation time
2. Home is owned by RPM packages.

The option we do *not* have is to have RPM own the directory and then
chown it later.

Simo.


-- 
Simo Sorce * Red Hat, Inc * New York
