[Bug 517763] Review Request: voms - Virtual Organization Membership Service

bugzilla at redhat.com bugzilla at redhat.com
Mon Aug 31 09:04:40 UTC 2009


https://bugzilla.redhat.com/show_bug.cgi?id=517763
--- Comment #5 from Steve Traylen <steve.traylen at cern.ch>  2009-08-31 05:04:38 EDT ---
Hi Mattias,

  Some of these are really upstream bugs.

  Yes the INSTALL.Fedora is there, my mistake.

1)  The 
    /usr/share/voms/voms_install_db --voms-vo=test --port=15000 \
   --db-type=mysql --db-admin=root --db-pwd="" \
   --sqlloc=/usr/lib64/voms/libvomsmysql.so 

   fails if there are no CAs installed.

   rror opening Certificate /etc/grid-security/certificates/*.0
   5899:error:02001002:system library:fopen:No such file or directory:bss_file.c:356:fopen('/etc/grid-security/certificates/*.0','r')
   5899:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:
   unable to load certificate

   so adding a comment that there must be some CAs installed before
   voms_install_db is run would make sense though not required.

   Quite why you need CAs to do this is not obvious.

2) Permissions on /etc/voms.
   I think it is normal for files only read by a daemon when they
   can be owned by root to be owned by root. That way if voms user
   is compromised  the voms configuration can't be altered by the voms
   user.
   I think voms_install_db can and should be executed as root. 

   You end up now with.
    voms:voms  , a+r /etc/voms
    root:root  , a+r  /etc/voms/test
    root:voms  , ug+r /etc/voms/test/voms.pass
    root:root  , a+r  /etc/voms/test/voms.conf

    given that /etc/voms/test is root owned I see little point anyway
    in having /etc/voms owned voms:voms

3) Permission on /etc/grid-security/voms

   Again this directory is populated by root even if hostkey/cert.pem 
   files have to be owned by voms.


4) $ voms-proxy-init --voms test
Cannot find file or dir: /etc/vomses

    /etc/vomses should probably be in the client package.

5) /usr/share/voms/voms_install_db -h

 displays

    --logformat format      See the vomsd(8) man page for details.
    --logdateformat format  See the vomsd(8) man page for details.

  should be voms not vomsd.

6) I'll take a look at the start up script later, some return codes 
   need some work.

But service now running and signing proxies for me.

Steve
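
The ownership concern in point 2 can be checked mechanically. The following is an added example, not part of the original comment or of the voms package: a shell function that lists every entry under a configuration root that a given service account could alter. The function names, the demo tree and its modes are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the voms package or the review.
# Lists every entry under ROOT that the service account could alter:
#   - entries it owns (it can chmod and rewrite them; if it owns a
#     directory it can also rename or replace the entries inside it),
#   - entries writable through the service group,
#   - world-writable entries.
# Symlinks are skipped: on Linux their mode bits are always rwxrwxrwx.
# Usage: audit_service_writable ROOT USER GROUP  (names or numeric ids)
audit_service_writable() {
    root=$1 svc_user=$2 svc_group=$3
    find "$root" ! -type l \( \
            -user "$svc_user" \
            -o \( -group "$svc_group" -perm -020 \) \
            -o -perm -002 \
        \) -print
}

# Constructed sample tree mirroring the layout quoted in point 2.
# It is owned by whoever runs the script, since chown needs root.
demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/voms/test"
    : > "$t/etc/voms/test/voms.conf"
    : > "$t/etc/voms/test/voms.pass"
    chmod 755 "$t" "$t/etc" "$t/etc/voms" "$t/etc/voms/test"
    chmod 644 "$t/etc/voms/test/voms.conf"
    chmod 440 "$t/etc/voms/test/voms.pass"
    echo "$t"
}

# Run as a script, for example: ./audit.sh /etc/voms voms voms
if [ "$#" -eq 3 ]; then
    audit_service_writable "$@"
fi
```

On a layout like the one quoted in point 2, /etc/voms itself would be listed because it is owned by voms; an empty result means the account can read its configuration but not change it.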
