ipaplatform: Add HTTPD_USER to constants, and use it.

https://fedorahosted.org/freeipa/ticket/5343 Reviewed-By: Tomas Babej <tbabej@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-10-06 16:02:37 +03:00 · 2015-10-06 16:02:37 +03:00 · 874b6d9f28
commit 874b6d9f28
parent 0d66026d22
5 changed files with 13 additions and 9 deletions
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@ -8,4 +8,5 @@ This base platform module exports platform dependant constants.


 class BaseConstantsNamespace(object):
+    HTTPD_USER = "apache"
    IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@ -48,6 +48,7 @@ from ipalib import pkcs10, x509
 from ipalib import errors

 from ipaplatform import services
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipaplatform.tasks import tasks

@ -1140,7 +1141,7 @@ class CAInstance(DogtagInstance):
        os.chmod(self.ra_agent_db + "/key3.db", 0o640)
        os.chmod(self.ra_agent_db + "/secmod.db", 0o640)

-        pent = pwd.getpwnam("apache")
+        pent = pwd.getpwnam(constants.HTTPD_USER)
        os.chown(self.ra_agent_db + "/cert8.db", 0, pent.pw_gid )
        os.chown(self.ra_agent_db + "/key3.db", 0, pent.pw_gid )
        os.chown(self.ra_agent_db + "/secmod.db", 0, pent.pw_gid )
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@ -43,6 +43,7 @@ from ipalib import pkcs10, x509, api
 from ipalib.errors import CertificateOperationError
 from ipalib.text import _
 from ipaplatform import services
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths

 # Apache needs access to this database so we need to create it
@ -519,8 +520,7 @@ class CertDB(object):
        f.write(pwdfile.read())
        f.close()
        pwdfile.close()
-        # TODO: replace explicit uid by a platform-specific one
-        self.set_perms(self.pwd_conf, uid="apache")
+        self.set_perms(self.pwd_conf, uid=constants.HTTPD_USER)

    def find_root_cert(self, nickname):
        """
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@ -41,6 +41,7 @@ import ipapython.errors
 from ipaserver.install import sysupgrade
 from ipalib import api
 from ipalib import errors
+from ipaplatform.constants import constants
 from ipaplatform.tasks import tasks
 from ipaplatform.paths import paths
 from ipaplatform import services
@ -52,7 +53,7 @@ SELINUX_BOOLEAN_SETTINGS = dict(
 )

 KDCPROXY_USER = 'kdcproxy'
-
+HTTPD_USER = constants.HTTPD_USER

 def httpd_443_configured():
    """
@ -190,14 +191,14 @@ class HTTPInstance(service.Service):
            installutils.create_keytab(paths.IPA_KEYTAB, self.principal)
            self.move_service(self.principal)

-        pent = pwd.getpwnam("apache")
+        pent = pwd.getpwnam(HTTPD_USER)
        os.chown(paths.IPA_KEYTAB, pent.pw_uid, pent.pw_gid)

    def remove_httpd_ccache(self):
        # Clean up existing ccache
        # Make sure that empty env is passed to avoid passing KRB5CCNAME from
        # current env
-        ipautil.run(['kdestroy', '-A'], runas='apache', raiseonerr=False, env={})
+        ipautil.run(['kdestroy', '-A'], runas=HTTPD_USER, raiseonerr=False, env={})

    def __configure_http(self):
        target_fname = paths.HTTPD_IPA_CONF
@ -328,7 +329,7 @@ class HTTPInstance(service.Service):
        os.chmod(certs.NSS_DIR + "/secmod.db", 0o660)
        os.chmod(certs.NSS_DIR + "/pwdfile.txt", 0o660)

-        pent = pwd.getpwnam("apache")
+        pent = pwd.getpwnam(HTTPD_USER)
        os.chown(certs.NSS_DIR + "/cert8.db", 0, pent.pw_gid )
        os.chown(certs.NSS_DIR + "/key3.db", 0, pent.pw_gid )
        os.chown(certs.NSS_DIR + "/secmod.db", 0, pent.pw_gid )
@ -497,7 +498,7 @@ class HTTPInstance(service.Service):
                pass

        # Remove the ccache file for the HTTPD service
-        ipautil.run([paths.KDESTROY, '-c', paths.KRB5CC_HTTPD], runas='apache',
+        ipautil.run([paths.KDESTROY, '-c', paths.KRB5CC_HTTPD], runas=HTTPD_USER,
                    raiseonerr=False)

        # Remove the configuration files we create
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@ -24,6 +24,7 @@ import os.path
 import pwd
 import optparse

+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipapython import admintool
 from ipapython.dn import DN
@ -151,7 +152,7 @@ class ServerCertInstall(admintool.AdminTool):
        os.chmod(os.path.join(dirname, 'key3.db'), 0o640)
        os.chmod(os.path.join(dirname, 'secmod.db'), 0o640)

-        pent = pwd.getpwnam("apache")
+        pent = pwd.getpwnam(constants.HTTPD_USER)
        os.chown(os.path.join(dirname, 'cert8.db'), 0, pent.pw_gid)
        os.chown(os.path.join(dirname, 'key3.db'), 0, pent.pw_gid)
        os.chown(os.path.join(dirname, 'secmod.db'), 0, pent.pw_gid)