[Freeipa-devel] [PATCH 0161] Fix dyndb-ldap working dir permission
Martin Basti
mbasti at redhat.com
Thu Nov 13 13:50:17 UTC 2014
On 13/11/14 13:59, Jan Cholasta wrote:
> Dne 12.11.2014 v 13:33 Martin Basti napsal(a):
>> On 11/11/14 16:58, Jan Cholasta wrote:
>>> Hi,
>>>
>>> Dne 11.11.2014 v 16:22 Martin Basti napsal(a):
>>>> Using specfile to create file doesn't work if named user is not on
>>>> system.
>>>> Appropriate permission have to be set during ipa-dns installation.
>>>>
>>>> Patch attached
>>>>
>>>
>>> Why is the directory set up in dnskeysyncinstance instead of
>>> bindinstance?
>> Because, dnskeysyncinstance is the daemon which requires permission
>> change.
>> (dir is created by dyndb-ldap plugin)
>
> OK. But please rename the method to something more suitable
> (fix_dyndb_ldap_workdir_permissions?) and add a docstring/comment.
>
> Also please change the ticket link to
> <https://fedorahosted.org/freeipa/ticket/4716> (cloned from BZ).
>
>>
>>>
>>> The original patch was released with 4.1.1, shouldn't there be update
>>> in ipa-upgradeconfig?
>> Cases:
>> 1) fresh RPM install, no named user during RPM install -> named doesn't
>> start, user had to fix it immediately, can't wait until next release.
>>
>> 2) fresh RPM install, named user -> no impact
>>
>> 3) upgrade IPA with DNS -> no impact
>>
>> 4) upgrade IPA without DNS -> after DNS installation, same as 1)
>>
>> 5) IPA 4.1.0 with installed DNS, upgrade to 4.1.2 -> DNSSEC will not
>> work (If user doesnt use DNSSEC)
>>
>> Only 5) looks serious for me, so here is updated patch.
>
> Could you do the update without the code duplication? In similar code
> an appropriate *instance method is usually called.
>
>>
>> Martin^2
>>>
>>> Honza
>>>
>>
>>
>
> Honza
>
Thanks.
updated patch attached.
Martin^2
--
Martin Basti
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0161.3-Fix-named-working-directory-permissions.patch
Type: text/x-patch
Size: 6633 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141113/f61881e1/attachment.bin>
More information about the Freeipa-devel
mailing list