[Freeipa-devel] [PATCH 494] install: create kdcproxy user during server install
Jan Cholasta
jcholast at redhat.com
Wed Sep 23 14:30:21 UTC 2015
On 23.9.2015 16:25, Martin Babinsky wrote:
> On 09/23/2015 01:37 PM, Jan Cholasta wrote:
>> On 23.9.2015 12:49, Christian Heimes wrote:
>>> On 2015-09-23 12:40, Jan Cholasta wrote:
>>>> On 23.9.2015 11:44, Christian Heimes wrote:
>>>>> On 2015-09-23 10:54, Jan Cholasta wrote:
>>>>>>> Correction, the HTTP server works, but it spits lots of errors in
>>>>>>> error_log about /var/lib/kdcproxy not existing.
>>>>>>>
>>>>>>> Is the KDCProxy supposed to be installked/enabled on upgrade ?
>>>>>>> If not, why not ?
>>>>>>> Even if it is not enabled, shouldn't the user be created just in
>>>>>>> case ?
>>>>>>
>>>>>> Fixed, patch attached.
>>>>>
>>>>> I haven't tested the patch yet. It looks like the kdcproxy user
>>>>> doesn't
>>>>> own its home directory. Please chown /var/lib/kdcproxy.
>>>>
>>>> I can't chown it because the user may not exist at RPM install time. It
>>>> doesn't matter anyway, since nothing is ever stored in the directory
>>>> and
>>>> KDC proxy works just fine. The same thing is done for the DS user and
>>>> nobody complained so far, so I assumed it should be OK for KDC proxy as
>>>> well.
>>>
>>> I think we have a slight misunderstanding here. :) Of course you can't
>>> set the owner at RPM install time. I wasn't talking about chown-ing the
>>> directory in RPM, but chown-ing the directory after or inside the
>>> tasks.create_system_user() call. Sorry for the confusion!
>>>
>>> AFAIK neither mod_wsgi nor python-kdcproxy need a writeable home
>>> directory. It's not guaranteed for eternity, though.
>>
>> OK. Updated patch attached. Added patch 496, please apply before 495.
>>
>>
>>
> ACK to both patches.
>
Thanks.
Pushed to:
master: 4c39561261e79fe1cfdef916eafbcb9c204e77e8
ipa-4-2: 091b119580f7bbd534e7643e09fd33a85d8c010b
--
Jan Cholasta
More information about the Freeipa-devel
mailing list