[Freeipa-devel] [PATCH] 0025 Respect UID and GID soft static allocation.

David Kupka dkupka at redhat.com
Mon Nov 3 09:28:38 UTC 2014


On 10/30/2014 10:42 AM, Martin Basti wrote:
> On 29/10/14 17:23, David Kupka wrote:
>> On 10/29/2014 02:34 PM, David Kupka wrote:
>>> On 10/24/2014 03:05 PM, David Kupka wrote:
>>>> On 10/24/2014 01:06 PM, David Kupka wrote:
>>>>> On 10/24/2014 10:43 AM, Martin Basti wrote:
>>>>>> On 24/10/14 09:51, David Kupka wrote:
>>>>>>> https://fedorahosted.org/freeipa/ticket/4585
>>>>>> NACK
>>>>>>
>>>>>> 1)
>>>>>> Why is there a line with 'DS System User'? The comment should depend on
>>>>>> the service.
>>>>>>
>>>>>> +            args = [
>>>>>> +                paths.USERADD,
>>>>>> +                '-g', group,
>>>>>> +                '-c', 'DS System User',
>>>>>> +                '-d', homedir,
>>>>>> +                '-s', shell,
>>>>>> +                '-M', '-r', name,
>>>>>> +            ]
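
Review bot: args carries no '-u', so with '-r' useradd picks the UID from the system range and the account can end up with a different UID on each host; accept an optional uid and append '-u', str(uid) to args when it is set. The '-c' value is also a literal here while name, group, homedir and shell arrive as variables, so it should be passed in the same way.
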
>>>>>
>>>>> This was part of the original code and I didn't notice it. Nice catch,
>>>>> thanks.
>>>>>
>>>>>>
>>>>>> 2)
>>>>>> The create_system_user code is duplicated between base and redhat tasks
>>>>>> with platform-dependent changes.
>>>>>> IMO it would be better to have one method to create a user, with keyword
>>>>>> arguments, and then a platform-dependent method which will call the
>>>>>> method to create the user with appropriate arguments (or with default
>>>>>> arguments).
>>>>>>
>>>>>
>>>>> You're right it was ugly.
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-devel mailing list
>>>>> Freeipa-devel at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>>>
>>>> I shouldn't break SOLID principles.
>>>>
>>>>
>>> Using super is probably better than explicit naming of parent class.
>>> Let user (developer) override UID/GID and hope that he knows why ...
>>>
>>>
>>
>
>
> In your former patch you had pki homedir path VAR_LIB_PKI_DIR :
>
> +        if name == 'pkiuser':
> +            uid = 17
> +            gid = 17
> +            homedir = paths.VAR_LIB_PKI_DIR
> +            shell = paths.NOLOGIN
> +            comment = 'CA System User'
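
Review bot: uid = 17 and gid = 17 are bare literals inside the name == 'pkiuser' branch, and nothing in these lines says where 17 comes from or checks that it is free. Move the per-account values into a named table keyed by account name, with a comment citing the allocation source, and handle the case where UID or GID 17 already belongs to a different account before useradd is called.
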
>
> In the last patch you changed it back to:
>
>           homedir=paths.VAR_LIB,
>
> so what is the correct path?
>

The setup package (soft static allocation) claims that pkiuser should
use '/usr/share/pki' as its home directory. Since pkiuser has /sbin/nologin
set as a login shell, it's unable to log in and doesn't need a home directory
at all.
We could use the '--system' option of the useradd utility to skip home
directory creation, or change to the proposed value, or just leave the old
value; all will result in no change in behavior.
I'm not sure if the '--system' option is available universally. IIRC it
used to be a Red Hat-like-systems specific extension.

-- 
David Kupka
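
The layering discussed in this thread (one user-creation method with keyword arguments, a platform method that fills in soft static values through super(), and caller overrides winning), as an added Python 3 example that is not FreeIPA's code. The class names, helper names, binary paths and the SOFT_STATIC table are assumptions; only pkiuser's 17/17 and its comment come from the thread. The commands are built, not executed.

```python
import pwd

USERADD = "/usr/sbin/useradd"     # assumed location
GROUPADD = "/usr/sbin/groupadd"   # assumed location
NOLOGIN = "/sbin/nologin"

# Hypothetical table; the pkiuser values are the ones quoted in the thread.
SOFT_STATIC = {"pkiuser": {"uid": 17, "gid": 17, "comment": "CA System User"}}


class BaseTasks:
    def groupadd_args(self, name, gid=None):
        """Build the groupadd command line; gid is pinned only when given."""
        pin = ["-g", str(gid)] if gid is not None else []
        return [GROUPADD, "-r"] + pin + [name]

    def useradd_args(self, name, group, homedir, shell=NOLOGIN,
                     uid=None, comment=None):
        """Build the useradd command line for a service account."""
        args = [USERADD, "-g", group, "-d", homedir, "-s", shell]
        if uid is not None:
            args += ["-u", str(uid)]      # pin the UID instead of auto-picking
        if comment:
            args += ["-c", comment]       # per-service comment, not a literal
        return args + ["-M", "-r", name]  # no home dir creation, system account


class RedHatTasks(BaseTasks):
    def groupadd_args(self, name, gid=None):
        fixed = SOFT_STATIC.get(name, {})
        return super().groupadd_args(name, fixed.get("gid") if gid is None else gid)

    def useradd_args(self, name, group, homedir, shell=NOLOGIN,
                     uid=None, comment=None):
        fixed = SOFT_STATIC.get(name, {})
        uid = fixed.get("uid") if uid is None else uid   # explicit caller value wins
        comment = comment or fixed.get("comment")
        return super().useradd_args(name, group, homedir, shell, uid, comment)


def uid_conflict(name, uid, lookup=pwd.getpwuid):
    """Return the account already holding uid if it is not `name`, else None."""
    try:
        owner = lookup(uid).pw_name
    except KeyError:                      # UID is free
        return None
    return None if owner == name else owner
```

Calling uid_conflict before running the built command lets the installer stop when the reserved UID is already owned by an unrelated account, rather than letting useradd fail or the service files end up with an unexpected owner.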



