IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Don't delete system users that are added during installation.

Browse Source 
We don't want to run the risk of adding a user, uninstalling it,
the system adding a new user (for another package install for example)
and then re-installing IPA. This wreaks havoc with file and directory
ownership.

https://fedorahosted.org/freeipa/ticket/2423
This commit is contained in:
Rob Crittenden
2012-02-28 23:05:06 -05:00
committed by Martin Kosek
parent 610420bd2a
commit a5a55ceff3
3 changed files with 9 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
install/tools/ipa-server-install
View File

@@ -475,16 +475,6 @@ def uninstall():
sstore._load() sstore._load()
group_exists = sstore.restore_state("install", "group_exists") group_exists = sstore.restore_state("install", "group_exists")
if group_exists == False:
try:
grp.getgrnam(dsinstance.DS_GROUP)
try:
ipautil.run(["/usr/sbin/groupdel", dsinstance.DS_GROUP])
except ipautil.CalledProcessError, e:
root_logger.critical("failed to delete group %s" % e)
rv = 1
except KeyError:
root_logger.info("Group %s already removed", dsinstance.DS_GROUP)
ipaservices.knownservices.ipa.disable() ipaservices.knownservices.ipa.disable()
@@ -855,16 +845,13 @@ def main():
try: try:
grp.getgrnam(dsinstance.DS_GROUP) grp.getgrnam(dsinstance.DS_GROUP)
root_logger.debug("ds group %s exists" % dsinstance.DS_GROUP) root_logger.debug("ds group %s exists" % dsinstance.DS_GROUP)
group_exists = True
except KeyError: except KeyError:
group_exists = False
args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP] args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP]
try: try:
ipautil.run(args) ipautil.run(args)
root_logger.debug("done adding DS group") root_logger.debug("done adding DS group")
except ipautil.CalledProcessError, e: except ipautil.CalledProcessError, e:
root_logger.critical("failed to add DS group: %s" % e) root_logger.critical("failed to add DS group: %s" % e)
sstore.backup_state("install", "group_exists", group_exists)
# Configure ntpd # Configure ntpd
if options.conf_ntp: if options.conf_ntp:

24
ipaserver/install/cainstance.py
View File

@@ -274,12 +274,10 @@ class CADSInstance(service.Service):
GROUP=dsinstance.DS_GROUP) GROUP=dsinstance.DS_GROUP)
def __create_ds_user(self): def __create_ds_user(self):
user_exists = True
try: try:
pwd.getpwnam(PKI_DS_USER) pwd.getpwnam(PKI_DS_USER)
root_logger.debug("ds user %s exists" % PKI_DS_USER) root_logger.debug("ds user %s exists" % PKI_DS_USER)
except KeyError: except KeyError:
user_exists = False
root_logger.debug("adding ds user %s" % PKI_DS_USER) root_logger.debug("adding ds user %s" % PKI_DS_USER)
args = ["/usr/sbin/useradd", "-g", dsinstance.DS_GROUP, args = ["/usr/sbin/useradd", "-g", dsinstance.DS_GROUP,
"-c", "PKI DS System User", "-c", "PKI DS System User",
@@ -292,8 +290,6 @@ class CADSInstance(service.Service):
except ipautil.CalledProcessError, e: except ipautil.CalledProcessError, e:
root_logger.critical("failed to add user %s" % e) root_logger.critical("failed to add user %s" % e)
self.backup_state("user_exists", user_exists)
def __create_instance(self): def __create_instance(self):
self.backup_state("running", dsinstance.is_ds_running()) self.backup_state("running", dsinstance.is_ds_running())
self.backup_state("serverid", self.serverid) self.backup_state("serverid", self.serverid)
@@ -406,11 +402,9 @@ class CADSInstance(service.Service):
user_exists = self.restore_state("user_exists") user_exists = self.restore_state("user_exists")
if user_exists == False: # At one time we removed this user on uninstall. That can potentially
try: # orphan files, or worse, if another useradd runs in the intermim,
ipautil.run(["/usr/sbin/userdel", PKI_DS_USER]) # cause files to have a new owner.
except ipautil.CalledProcessError, e:
root_logger.critical("failed to delete user %s" % e)
class CAInstance(service.Service): class CAInstance(service.Service):
""" """
@@ -566,12 +560,10 @@ class CAInstance(service.Service):
# so actual enablement is delayed. # so actual enablement is delayed.
def __create_ca_user(self): def __create_ca_user(self):
user_exists = True
try: try:
pwd.getpwnam(PKI_USER) pwd.getpwnam(PKI_USER)
root_logger.debug("ca user %s exists" % PKI_USER) root_logger.debug("ca user %s exists" % PKI_USER)
except KeyError: except KeyError:
user_exists = False
root_logger.debug("adding ca user %s" % PKI_USER) root_logger.debug("adding ca user %s" % PKI_USER)
args = ["/usr/sbin/useradd", "-c", "CA System User", args = ["/usr/sbin/useradd", "-c", "CA System User",
"-d", "/var/lib", "-d", "/var/lib",
@@ -583,8 +575,6 @@ class CAInstance(service.Service):
except ipautil.CalledProcessError, e: except ipautil.CalledProcessError, e:
root_logger.critical("failed to add user %s" % e) root_logger.critical("failed to add user %s" % e)
self.backup_state("user_exists", user_exists)
def __configure_instance(self): def __configure_instance(self):
preop_pin = get_preop_pin(self.server_root, PKI_INSTANCE_NAME) preop_pin = get_preop_pin(self.server_root, PKI_INSTANCE_NAME)
@@ -1064,12 +1054,10 @@ class CAInstance(service.Service):
except ipautil.CalledProcessError, e: except ipautil.CalledProcessError, e:
root_logger.critical("failed to uninstall CA instance %s" % e) root_logger.critical("failed to uninstall CA instance %s" % e)
# At one time we removed this user on uninstall. That can potentially
# orphan files, or worse, if another useradd runs in the intermim,
# cause files to have a new owner.
user_exists = self.restore_state("user_exists") user_exists = self.restore_state("user_exists")
if user_exists == False:
try:
ipautil.run(["/usr/sbin/userdel", PKI_USER])
except ipautil.CalledProcessError, e:
root_logger.critical("failed to delete user %s" % e)
def publish_ca_cert(self, location): def publish_ca_cert(self, location):
args = ["-L", "-n", self.canickname, "-a"] args = ["-L", "-n", self.canickname, "-a"]

15
ipaserver/install/dsinstance.py
View File

@@ -288,12 +288,10 @@ class DsInstance(service.Service):
) )
def __create_ds_user(self): def __create_ds_user(self):
user_exists = True
try: try:
pwd.getpwnam(DS_USER) pwd.getpwnam(DS_USER)
root_logger.debug("ds user %s exists" % DS_USER) root_logger.debug("ds user %s exists" % DS_USER)
except KeyError: except KeyError:
user_exists = False
root_logger.debug("adding ds user %s" % DS_USER) root_logger.debug("adding ds user %s" % DS_USER)
args = ["/usr/sbin/useradd", "-g", DS_GROUP, args = ["/usr/sbin/useradd", "-g", DS_GROUP,
"-c", "DS System User", "-c", "DS System User",
@@ -306,8 +304,6 @@ class DsInstance(service.Service):
except ipautil.CalledProcessError, e: except ipautil.CalledProcessError, e:
root_logger.critical("failed to add user %s" % e) root_logger.critical("failed to add user %s" % e)
self.backup_state("user_exists", user_exists)
def __create_instance(self): def __create_instance(self):
self.backup_state("running", is_ds_running()) self.backup_state("running", is_ds_running())
self.backup_state("serverid", self.serverid) self.backup_state("serverid", self.serverid)
@@ -624,16 +620,11 @@ class DsInstance(service.Service):
dsdb.untrack_server_cert("Server-Cert") dsdb.untrack_server_cert("Server-Cert")
erase_ds_instance_data(serverid) erase_ds_instance_data(serverid)
# At one time we removed this user on uninstall. That can potentially
# orphan files, or worse, if another useradd runs in the intermim,
# cause files to have a new owner.
user_exists = self.restore_state("user_exists") user_exists = self.restore_state("user_exists")
if user_exists == False:
pent = pwd.getpwnam(DS_USER)
installutils.remove_file("/var/tmp/ldap_%d" % pent.pw_uid)
try:
ipautil.run(["/usr/sbin/userdel", DS_USER])
except ipautil.CalledProcessError, e:
root_logger.critical("failed to delete user %s" % e)
# Make sure some upgrade-related state is removed. This could cause # Make sure some upgrade-related state is removed. This could cause
# re-installation problems. # re-installation problems.
self.restore_state('nsslapd-port') self.restore_state('nsslapd-port')