mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Don't delete system users that are added during installation.
We don't want to run the risk of adding a user, uninstalling it, the system adding a new user (for another package install for example) and then re-installing IPA. This wreaks havoc with file and directory ownership. https://fedorahosted.org/freeipa/ticket/2423
This commit is contained in:
committed by
Martin Kosek
parent
610420bd2a
commit
a5a55ceff3
@@ -274,12 +274,10 @@ class CADSInstance(service.Service):
|
||||
GROUP=dsinstance.DS_GROUP)
|
||||
|
||||
def __create_ds_user(self):
|
||||
user_exists = True
|
||||
try:
|
||||
pwd.getpwnam(PKI_DS_USER)
|
||||
root_logger.debug("ds user %s exists" % PKI_DS_USER)
|
||||
except KeyError:
|
||||
user_exists = False
|
||||
root_logger.debug("adding ds user %s" % PKI_DS_USER)
|
||||
args = ["/usr/sbin/useradd", "-g", dsinstance.DS_GROUP,
|
||||
"-c", "PKI DS System User",
|
||||
@@ -292,8 +290,6 @@ class CADSInstance(service.Service):
|
||||
except ipautil.CalledProcessError, e:
|
||||
root_logger.critical("failed to add user %s" % e)
|
||||
|
||||
self.backup_state("user_exists", user_exists)
|
||||
|
||||
def __create_instance(self):
|
||||
self.backup_state("running", dsinstance.is_ds_running())
|
||||
self.backup_state("serverid", self.serverid)
|
||||
@@ -406,11 +402,9 @@ class CADSInstance(service.Service):
|
||||
|
||||
user_exists = self.restore_state("user_exists")
|
||||
|
||||
if user_exists == False:
|
||||
try:
|
||||
ipautil.run(["/usr/sbin/userdel", PKI_DS_USER])
|
||||
except ipautil.CalledProcessError, e:
|
||||
root_logger.critical("failed to delete user %s" % e)
|
||||
# At one time we removed this user on uninstall. That can potentially
|
||||
# orphan files, or worse, if another useradd runs in the intermim,
|
||||
# cause files to have a new owner.
|
||||
|
||||
class CAInstance(service.Service):
|
||||
"""
|
||||
@@ -566,12 +560,10 @@ class CAInstance(service.Service):
|
||||
# so actual enablement is delayed.
|
||||
|
||||
def __create_ca_user(self):
|
||||
user_exists = True
|
||||
try:
|
||||
pwd.getpwnam(PKI_USER)
|
||||
root_logger.debug("ca user %s exists" % PKI_USER)
|
||||
except KeyError:
|
||||
user_exists = False
|
||||
root_logger.debug("adding ca user %s" % PKI_USER)
|
||||
args = ["/usr/sbin/useradd", "-c", "CA System User",
|
||||
"-d", "/var/lib",
|
||||
@@ -583,8 +575,6 @@ class CAInstance(service.Service):
|
||||
except ipautil.CalledProcessError, e:
|
||||
root_logger.critical("failed to add user %s" % e)
|
||||
|
||||
self.backup_state("user_exists", user_exists)
|
||||
|
||||
def __configure_instance(self):
|
||||
preop_pin = get_preop_pin(self.server_root, PKI_INSTANCE_NAME)
|
||||
|
||||
@@ -1064,12 +1054,10 @@ class CAInstance(service.Service):
|
||||
except ipautil.CalledProcessError, e:
|
||||
root_logger.critical("failed to uninstall CA instance %s" % e)
|
||||
|
||||
# At one time we removed this user on uninstall. That can potentially
|
||||
# orphan files, or worse, if another useradd runs in the intermim,
|
||||
# cause files to have a new owner.
|
||||
user_exists = self.restore_state("user_exists")
|
||||
if user_exists == False:
|
||||
try:
|
||||
ipautil.run(["/usr/sbin/userdel", PKI_USER])
|
||||
except ipautil.CalledProcessError, e:
|
||||
root_logger.critical("failed to delete user %s" % e)
|
||||
|
||||
def publish_ca_cert(self, location):
|
||||
args = ["-L", "-n", self.canickname, "-a"]
|
||||
|
Reference in New Issue
Block a user