From a5a55ceff3822ede55ad817ede0da5712fb75651 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Tue, 28 Feb 2012 23:05:06 -0500
Subject: Don't delete system users that are added during installation.
We don't want to run the risk of adding a user, uninstalling it, the system adding a new user (for another package install for example) and then re-installing IPA. This wreaks havoc with file and directory ownership.
https://fedorahosted.org/freeipa/ticket/2423
---
 ipaserver/install/dsinstance.py | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)
(limited to 'ipaserver/install/dsinstance.py')
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index c66f2a7f..5b5b24ca 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -288,12 +288,10 @@ class DsInstance(service.Service):
 )
 def __create_ds_user(self):
- user_exists = True
 try:
 pwd.getpwnam(DS_USER)
 root_logger.debug("ds user %s exists" % DS_USER)
 except KeyError:
- user_exists = False
 root_logger.debug("adding ds user %s" % DS_USER)
 args = ["/usr/sbin/useradd", "-g", DS_GROUP, "-c", "DS System User",
@@ -306,8 +304,6 @@ class DsInstance(service.Service):
 except ipautil.CalledProcessError, e:
 root_logger.critical("failed to add user %s" % e)
- self.backup_state("user_exists", user_exists)
-
 def __create_instance(self):
 self.backup_state("running", is_ds_running())
 self.backup_state("serverid", self.serverid)
@@ -624,16 +620,11 @@ class DsInstance(service.Service):
 dsdb.untrack_server_cert("Server-Cert")
 erase_ds_instance_data(serverid)
+ # At one time we removed this user on uninstall. That can potentially
+ # orphan files, or worse, if another useradd runs in the intermim,
+ # cause files to have a new owner.
 user_exists = self.restore_state("user_exists")
- if user_exists == False:
- pent = pwd.getpwnam(DS_USER)
- installutils.remove_file("/var/tmp/ldap_%d" % pent.pw_uid)
- try:
- ipautil.run(["/usr/sbin/userdel", DS_USER])
- except ipautil.CalledProcessError, e:
- root_logger.critical("failed to delete user %s" % e)
-
 # Make sure some upgrade-related state is removed. This could cause
 # re-installation problems.
 self.restore_state('nsslapd-port')
-- cgit
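Review bot: The retained `user_exists = self.restore_state("user_exists")` now binds a local that nothing reads, and the commit no longer records that key in `__create_ds_user`, so the call looks like dead code; if it is kept to discard state written by older installs (which seems to be the intent), say so with a comment such as `# still restored so state saved by older versions is cleaned up; value intentionally unused` and drop the assignment. Separately, the `/var/tmp/ldap_<uid>` removal went away together with `userdel`, although deleting that file does not require deleting the account; if the file is still created for the DS user, uninstall now leaves it behind, so consider keeping `installutils.remove_file("/var/tmp/ldap_%d" % pent.pw_uid)` behind a `pwd.getpwnam(DS_USER)` lookup that tolerates `KeyError`. The new comment spells "interim" as "intermim". The enclosing uninstall method begins and ends outside this hunk.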