diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2009-08-27 14:12:55 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2009-08-27 14:15:26 -0400 |
| commit | 559c76f761ff46c0d0e7f679d24d7ca5304db101 (patch) | |
| tree | 7df5b1122aca7283bc4a01bfc4afb80e6f265c68 /install | |
| parent | cab55250760ad1633ed115564f83750fd91e230d (diff) | |
| download | freeipa-559c76f761ff46c0d0e7f679d24d7ca5304db101.tar.gz freeipa-559c76f761ff46c0d0e7f679d24d7ca5304db101.tar.xz freeipa-559c76f761ff46c0d0e7f679d24d7ca5304db101.zip | |
Add option to the installer for uid/gid starting numbers.
This also adds a new option to the template system. If you include
eval(string) in a file that goes through the templater then the
string in the eval will be evaluated by the Python interpreter. This is
used so one can do $UIDSTART+1. If any errors occur during the evaluation
the original string is is returned, eval() and all so it is up to the
developer to make sure the evaluation passes.
The default value for uid and gid is now a random value between
1,000,000 and (2^31 - 1,000,000)
Diffstat (limited to 'install')
| -rw-r--r-- | install/share/bootstrap-template.ldif | 10 | ||||
| -rw-r--r-- | install/share/dna-posix.ldif | 4 | ||||
| -rwxr-xr-x | install/tools/ipa-server-install | 11 | ||||
| -rw-r--r-- | install/tools/man/ipa-server-install.1 | 6 |
4 files changed, 23 insertions, 8 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif index 5c716f6a5..e98c73b07 100644 --- a/install/share/bootstrap-template.ldif +++ b/install/share/bootstrap-template.ldif @@ -69,8 +69,8 @@ uid: admin krbPrincipalName: admin@$REALM cn: Administrator sn: Administrator -uidNumber: 999 -gidNumber: 1001 +uidNumber: $UIDSTART +gidNumber: $GIDSTART homeDirectory: /home/admin loginShell: /bin/bash gecos: Administrator @@ -107,7 +107,7 @@ objectClass: groupofnames objectClass: posixgroup cn: admins description: Account administrators group -gidNumber: 1001 +gidNumber: $GIDSTART member: uid=admin,cn=users,cn=accounts,$SUFFIX nsAccountLock: False @@ -118,7 +118,7 @@ objectClass: groupofnames objectClass: nestedgroup objectClass: ipausergroup objectClass: posixgroup -gidNumber: 1002 +gidNumber: eval($GIDSTART+1) description: Default group for all users cn: ipausers @@ -127,7 +127,7 @@ changetype: add objectClass: top objectClass: groupofnames objectClass: posixgroup -gidNumber: 1003 +gidNumber: eval($GIDSTART+2) description: Limited admins who can edit other users cn: editors diff --git a/install/share/dna-posix.ldif b/install/share/dna-posix.ldif index 6b5cef8cc..e255bb27a 100644 --- a/install/share/dna-posix.ldif +++ b/install/share/dna-posix.ldif @@ -6,7 +6,7 @@ objectclass: top objectclass: extensibleObject cn: Posix Accounts dnaType: uidNumber -dnaNextValue: 1100 +dnaNextValue: eval($UIDSTART+1) dnaInterval: 1 dnaMaxValue: 1000000000 dnaMagicRegen: 999 @@ -21,7 +21,7 @@ objectclass: top objectclass: extensibleObject cn: Posix Groups dnaType: gidNumber -dnaNextValue: 1100 +dnaNextValue: eval($GIDSTART+3) dnaInterval: 1 dnaMaxValue: 1000000000 dnaMagicRegen: 999 diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index c09b24de5..d0e939796 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -36,6 +36,7 @@ import shutil import glob import traceback from optparse import OptionParser +import random from ipaserver.install import dsinstance from ipaserver.install import krbinstance @@ -54,7 +55,11 @@ from ipalib import util pw_name = None +# Used to determine the the highest possible uid/gid +MAXINT_32BIT = 2147483648 + def parse_options(): + namespace = random.randint(1000000, (MAXINT_32BIT - 1000000)) parser = OptionParser(version=version.VERSION) parser.add_option("-u", "--user", dest="ds_user", help="ds user") @@ -97,6 +102,10 @@ def parse_options(): default=False, help="Do not use DNS for hostname lookup during installation") + parser.add_option("--uidstart", dest="uidstart", default=namespace, type=int, + help="The starting uid value (default random)") + parser.add_option("--gidstart", dest="gidstart", default=namespace, type=int, + help="The starting gid value (default random)") options, args = parser.parse_args() if options.uninstall: @@ -537,7 +546,7 @@ def main(): finally: os.remove(pw_name) else: - ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, self_signed_ca=not options.ca) + ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, self_signed_ca=not options.ca, uidstart=options.uidstart, gidstart=options.gidstart) # Create a kerberos instance krb = krbinstance.KrbInstance(fstore) diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index bf533af88..df977c2f6 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -75,6 +75,12 @@ The password of the Directory Server PKCS#12 file \fB\-\-http_pin\fR=\fIHTTP_PIN\fR The password of the Apache Server PKCS#12 file .PP +\fB\-\-uidstart\fR=\fIUIDSTART\fR +The starting user id number (default random) +.PP +\fB\-\-gidstart\fR=\fIGIDSTART\fR +The starting group id number (default random) +.PP .SH "EXIT STATUS" 0 if the installation was successful |