From cc9abf5d38c0030bb4dad0e204c16c9c9bae27c0 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 28 Jan 2011 15:45:19 -0500 Subject: Use a common group for all DS instances Also remove the option to choose a user. It is silly to keep it, when you can't choose the group nor the CA directory user. Fixes: https://fedorahosted.org/freeipa/ticket/851 --- ipaserver/install/dsinstance.py | 43 +++++++++++++++++------------------------ 1 file changed, 18 insertions(+), 25 deletions(-) (limited to 'ipaserver/install/dsinstance.py') diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 299505201..0a33697d2 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -21,7 +21,6 @@ import shutil import logging import pwd -import grp import glob import sys import os @@ -48,6 +47,9 @@ SERVER_ROOT_64 = "/usr/lib64/dirsrv" SERVER_ROOT_32 = "/usr/lib/dirsrv" CACERT="/etc/ipa/ca.crt" +DS_USER = 'dirsrv' +DS_GROUP = 'dirsrv' + def find_server_root(): if ipautil.dir_exists(SERVER_ROOT_64): return SERVER_ROOT_64 @@ -176,7 +178,6 @@ class DsInstance(service.Service): self.serverid = None self.fqdn = None self.pkcs12_info = None - self.ds_user = None self.dercert = None self.idstart = None self.idmax = None @@ -223,11 +224,10 @@ class DsInstance(service.Service): self.step("configuring directory to start on boot", self.__enable) - def create_instance(self, ds_user, realm_name, fqdn, domain_name, + def create_instance(self, realm_name, fqdn, domain_name, dm_password, pkcs12_info=None, self_signed_ca=False, idstart=1100, idmax=999999, subject_base=None, hbac_allow=True): - self.ds_user = ds_user self.realm_name = realm_name.upper() self.serverid = realm_to_serverid(self.realm_name) self.suffix = util.realm_to_suffix(self.realm_name) @@ -256,9 +256,8 @@ class DsInstance(service.Service): self.start_creation("Configuring directory server", 60) - def create_replica(self, ds_user, realm_name, master_fqdn, fqdn, + def create_replica(self, realm_name, master_fqdn, fqdn, domain_name, dm_password, pkcs12_info=None): - self.ds_user = ds_user self.realm_name = realm_name.upper() self.serverid = realm_to_serverid(self.realm_name) self.suffix = util.realm_to_suffix(self.realm_name) @@ -309,7 +308,7 @@ class DsInstance(service.Service): self.sub_dict = dict(FQHN=self.fqdn, SERVERID=self.serverid, PASSWORD=self.dm_password, SUFFIX=self.suffix.lower(), - REALM=self.realm_name, USER=self.ds_user, + REALM=self.realm_name, USER=DS_USER, SERVER_ROOT=server_root, DOMAIN=self.domain, TIME=int(time.time()), IDSTART=self.idstart, IDMAX=self.idmax, HOST=self.fqdn, @@ -319,27 +318,22 @@ class DsInstance(service.Service): def __create_ds_user(self): user_exists = True try: - pwd.getpwnam(self.ds_user) - logging.debug("ds user %s exists" % self.ds_user) + pwd.getpwnam(DS_USER) + logging.debug("ds user %s exists" % DS_USER) except KeyError: user_exists = False - logging.debug("adding ds user %s" % self.ds_user) - args = ["/usr/sbin/useradd", "-c", "DS System User", "-d", "/var/lib/dirsrv", "-M", "-r", "-s", "/sbin/nologin", self.ds_user] - try: - # if the group already exists we need to request to add it, - # otherwise useradd will create it for us - grp.getgrnam(self.ds_user) - args.append("-g") - args.append(self.ds_user) - except KeyError: - pass + logging.debug("adding ds user %s" % DS_USER) + args = ["/usr/sbin/useradd", "-g", DS_GROUP, + "-c", "DS System User", + "-d", "/var/lib/dirsrv", + "-s", "/sbin/nologin", + "-M", "-r", DS_USER] try: ipautil.run(args) logging.debug("done adding user") except ipautil.CalledProcessError, e: logging.critical("failed to add user %s" % e) - self.backup_state("user", self.ds_user) self.backup_state("user_exists", user_exists) def __create_instance(self): @@ -617,12 +611,11 @@ class DsInstance(service.Service): dsdb.untrack_server_cert("Server-Cert") erase_ds_instance_data(serverid) - ds_user = self.restore_state("user") user_exists = self.restore_state("user_exists") - if not ds_user is None and not user_exists is None and not user_exists: + if user_exists == False: try: - ipautil.run(["/usr/sbin/userdel", ds_user]) + ipautil.run(["/usr/sbin/userdel", DS_USER]) except ipautil.CalledProcessError, e: logging.critical("failed to delete user %s" % e) @@ -686,7 +679,7 @@ class DsInstance(service.Service): fd.close() for line in lines: sline = line.strip() - if not sline.startswith(self.ds_user): + if not sline.startswith(DS_USER): continue if sline.find('nofile') == -1: continue @@ -711,7 +704,7 @@ class DsInstance(service.Service): if need_sysconf and need_limits: self.fstore.backup_file("/etc/security/limits.conf") fd = open("/etc/security/limits.conf", "a+") - fd.write('%s\t\t-\tnofile\t\t%s\n' % (self.ds_user, str(num))) + fd.write('%s\t\t-\tnofile\t\t%s\n' % (DS_USER, str(num))) fd.close() fd = open("/etc/sysconfig/dirsrv", "a+") -- cgit