Create system users for FreeIPA services during package installation

Previously system users needed by FreeIPA server services were created during
ipa-server-install. This led to a problem when the DBus policy was configured during
package installation but the user specified in the policy didn't exist yet
(and potentially similar ones). Now the users will be created in the package %pre
section so all users the freeipa-server package needs exist before any installation
or configuration begins.
Another possibility would be using systemd-sysusers(8) for this purpose, but
given that systemd is not available during container build, the traditional
approach is superior.
Also, dirsrv and pkiuser users are no longer created by FreeIPA; instead it
depends on 389ds and dogtag to create those users.

https://pagure.io/freeipa/issue/6743

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
David Kupka
2017-04-11 11:43:40 +02:00
committed by Pavel Vomacka
parent 157831a287
commit a726e98f03
11 changed files with 11 additions and 147 deletions

@@ -44,7 +44,6 @@ import six
from six.moves.configparser import SafeConfigParser, NoOptionError
# pylint: enable=import-error
from ipalib.constants import IPAAPI_USER, IPAAPI_GROUP
from ipalib.install import sysrestore
from ipalib.install.kinit import kinit_password
import ipaplatform
@@ -56,7 +55,6 @@ from ipalib import api, errors, x509
from ipapython.dn import DN
from ipaserver.install import certs, service, sysupgrade
from ipaplatform import services
from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
@@ -1515,14 +1513,3 @@ def default_subject_base(realm_name):
def default_ca_subject_dn(subject_base):
return DN(('CN', 'Certificate Authority'), subject_base)
def create_ipaapi_user():
"""Create IPA API user/group if it doesn't exist yet."""
tasks.create_system_user(
name=IPAAPI_USER,
group=IPAAPI_GROUP,
homedir=paths.VAR_LIB,
shell=paths.NOLOGIN
)
tasks.add_user_to_group(constants.HTTPD_USER, IPAAPI_GROUP)
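Review bot: The removed create_ipaapi_user() did more than create a user: its last line, tasks.add_user_to_group(constants.HTTPD_USER, IPAAPI_GROUP), set up a group membership, and the commit message only says that user creation moves to %pre. Please confirm the spec scriptlet also adds the HTTPD user to the IPAAPI group, otherwise that membership silently disappears on fresh installs. The account created in %pre should keep the same non-login shell (paths.NOLOGIN) and home directory (paths.VAR_LIB) that this function set, and any remaining callers of create_ipaapi_user() have to be removed in the same commit so the installer does not fail on a missing attribute.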