From 06566cb62b00c10b9ef2fd210bb9b36c16649de5 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Tue, 29 Jul 2014 12:41:25 +0200 Subject: [PATCH] backup,restore: Don't overwrite /etc/{passwd,group} The /etc/passwd and /etc/group files are not saved and restored. The DS user is always created on restore, and the PKI user is created if a CA is being restored. https://fedorahosted.org/freeipa/ticket/3866 Reviewed-By: Tomas Babej --- ipaserver/install/ipa_backup.py | 2 -- ipaserver/install/ipa_restore.py | 4 +++- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index 0830eb0c5..749368519 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py @@ -149,8 +149,6 @@ class Backup(admintool.AdminTool): paths.SSHD_CONFIG, paths.SSH_CONFIG, paths.KRB5_CONF, - paths.GROUP, - paths.PASSWD, CACERT, paths.IPA_DEFAULT_CONF, paths.DS_KEYTAB, diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index 439f68304..e230f0aa3 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -32,7 +32,7 @@ from ipapython import admintool from ipapython.dn import DN from ipaserver.install.dsinstance import (realm_to_serverid, create_ds_user, DS_USER) -from ipaserver.install.cainstance import PKI_USER +from ipaserver.install.cainstance import PKI_USER, create_ca_user from ipaserver.install.replication import (wait_for_task, ReplicationManager, get_cs_replication_manager) from ipaserver.install import installutils @@ -265,6 +265,8 @@ class Restore(admintool.AdminTool): # We do either a full file restore or we restore data. if self.backup_type == 'FULL' and not options.data_only: + if 'CA' in self.backup_services: + create_ca_user() if options.online: raise admintool.ScriptError('File restoration cannot be done online.') self.file_restore(options.no_logs)