Server Upgrade: only root can run updates

https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
author: Martin Basti <mbasti@redhat.com> 2015-03-23 13:28:25 +0100
committer: Petr Vobornik <pvoborni@redhat.com> 2015-04-14 19:25:47 +0200
commit: b9c5744031675beb831210831f9d4b327ccd5544 (patch)
tree: 292a73702836d91642e12a16e1f194fd3307a2fb /ipaserver/install/ipa_ldap_updater.py
parent: d09706a8c8ed02506a9486f919df3d1c2a8e8087 (diff)
download: freeipa-b9c5744031675beb831210831f9d4b327ccd5544.tar.gz
freeipa-b9c5744031675beb831210831f9d4b327ccd5544.tar.xz
freeipa-b9c5744031675beb831210831f9d4b327ccd5544.zip
1 files changed, 6 insertions, 28 deletions
diff --git a/ipaserver/install/ipa_ldap_updater.py b/ipaserver/install/ipa_ldap_updater.py
index c9362ca6d..5a0d61219 100644
--- a/ipaserver/install/ipa_ldap_updater.py
+++ b/ipaserver/install/ipa_ldap_updater.py
@@ -63,9 +63,9 @@ class LDAPUpdater(admintool.AdminTool):
         else:
             return LDAPUpdater_NonUpgrade
 
-    def validate_options(self, **kwargs):
+    def validate_options(self):
         options = self.options
-        super(LDAPUpdater, self).validate_options(**kwargs)
+        super(LDAPUpdater, self).validate_options(needs_root=True)
 
         self.files = self.args
 
@@ -73,14 +73,10 @@ class LDAPUpdater(admintool.AdminTool):
             if not os.path.exists(filename):
                 raise admintool.ScriptError("%s: file not found" % filename)
 
-        if os.getegid() == 0:
-            try:
-                installutils.check_server_configuration()
-            except RuntimeError, e:
-                print unicode(e)
-                sys.exit(1)
-        elif not os.path.exists(paths.IPA_DEFAULT_CONF):
-            print "IPA is not configured on this system."
+        try:
+            installutils.check_server_configuration()
+        except RuntimeError, e:
+            print unicode(e)
             sys.exit(1)
 
         if options.schema_files or not self.files:
@@ -105,12 +101,6 @@ class LDAPUpdater(admintool.AdminTool):
 class LDAPUpdater_Upgrade(LDAPUpdater):
     log_file_name = paths.IPAUPGRADE_LOG
 
-    def validate_options(self):
-        if os.getegid() != 0:
-            raise admintool.ScriptError('Must be root to do an upgrade.', 1)
-
-        super(LDAPUpdater_Upgrade, self).validate_options(needs_root=True)
-
     def run(self):
         super(LDAPUpdater_Upgrade, self).run()
         options = self.options
@@ -134,18 +124,6 @@ class LDAPUpdater_Upgrade(LDAPUpdater):
 class LDAPUpdater_NonUpgrade(LDAPUpdater):
     log_file_name = paths.IPAUPGRADE_LOG
 
-    def validate_options(self):
-        super(LDAPUpdater_NonUpgrade, self).validate_options()
-
-        # Need root for running plugins
-        if os.getegid() != 0:
-            if self.run_plugins:
-                raise admintool.ScriptError(
-                    'Plugins can only be run as root.', 1)
-            else:
-                # Can't log to the default file as non-root
-                self.log_file_name = None
-
     def run(self):
         super(LDAPUpdater_NonUpgrade, self).run()
         options = self.options
author	Martin Basti <mbasti@redhat.com>	2015-03-23 13:28:25 +0100
committer	Petr Vobornik <pvoborni@redhat.com>	2015-04-14 19:25:47 +0200
commit	b9c5744031675beb831210831f9d4b327ccd5544 (patch)
tree	292a73702836d91642e12a16e1f194fd3307a2fb /ipaserver/install/ipa_ldap_updater.py
parent	d09706a8c8ed02506a9486f919df3d1c2a8e8087 (diff)
download	freeipa-b9c5744031675beb831210831f9d4b327ccd5544.tar.gz freeipa-b9c5744031675beb831210831f9d4b327ccd5544.tar.xz freeipa-b9c5744031675beb831210831f9d4b327ccd5544.zip