[Bug 517763] Review Request: voms - Virtual Organization Membership Service
bugzilla at redhat.com
Mon Aug 31 09:04:40 UTC 2009
https://bugzilla.redhat.com/show_bug.cgi?id=517763
--- Comment #5 from Steve Traylen <steve.traylen at cern.ch> 2009-08-31 05:04:38 EDT ---
Hi Mattias,
Some of these are really upstream bugs.
Yes the INSTALL.Fedora is there, my mistake.
1) The
/usr/share/voms/voms_install_db --voms-vo=test --port=15000 \
--db-type=mysql --db-admin=root --db-pwd="" \
--sqlloc=/usr/lib64/voms/libvomsmysql.so
fails if there are no CAs installed.
Error opening Certificate /etc/grid-security/certificates/*.0
5899:error:02001002:system library:fopen:No such file or directory:bss_file.c:356:fopen('/etc/grid-security/certificates/*.0','r')
5899:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:
unable to load certificate
so adding a comment that there must be some CAs installed before
voms_install_db is run would make sense though not required.
Quite why you need CAs to do this is not obvious.
2) Permissions on /etc/voms.
I think it is normal for files only read by a daemon when they
can be owned by root to be owned by root. That way if voms user
is compromised the voms configuration can't be altered by the voms
user.
I think voms_install_db can and should be executed as root.
You end up now with.
voms:voms , a+r /etc/voms
root:root , a+r /etc/voms/test
root:voms , ug+r /etc/voms/test/voms.pass
root:root , a+r /etc/voms/test/voms.conf
Given that /etc/voms/test is root owned I see little point anyway
in having /etc/voms owned voms:voms.
3) Permission on /etc/grid-security/voms
Again this directory is populated by root even if hostkey/cert.pem
files have to be owned by voms.
4) $ voms-proxy-init --voms test
Cannot find file or dir: /etc/vomses
/etc/vomses should probably be in the client package.
5) /usr/share/voms/voms_install_db -h
displays
--logformat format See the vomsd(8) man page for details.
--logdateformat format See the vomsd(8) man page for details.
should be voms not vomsd.
6) I'll take a look at the start up script later, some return codes
need some work.
But service now running and signing proxies for me.
Steve
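
The ownership concern in points 2 and 3 can be checked mechanically. The script below is an added example, not part of the original comment or of the voms package: it lists every path under a configuration tree that a given service account could modify. The function names are hypothetical, and the voms user and group names in the usage line are taken from the listing in the comment.

```shell
#!/bin/sh
# Added example, not part of the voms package.
# List every path under a configuration tree that a service account could
# modify: anything the account owns, anything group-writable by its group,
# and anything world-writable. A directory in the output means the account
# can replace the files inside it even when those files are root-owned.
#
# usage: audit_config_tree DIR SERVICE_USER SERVICE_GROUP
audit_config_tree() {
    # Symlinks are skipped: on Linux their mode bits always read as 0777
    # and say nothing about the target.
    find "$1" ! -type l \( \
            -user "$2" \
        -o \( -group "$3" -perm -020 \) \
        -o -perm -002 \
    \) -print
}

# Exit status for scripting: 0 when nothing is modifiable, 1 otherwise.
config_tree_is_locked_down() {
    [ -z "$(audit_config_tree "$1" "$2" "$3")" ]
}

# Run directly, e.g.: sh audit.sh /etc/voms voms voms
# (path and account names assumed from the comment above)
if [ "$#" -eq 3 ]; then
    audit_config_tree "$@"
fi
```

A file such as voms.pass that is root:voms with ug+r is not reported, because the group can read it but not write it.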