summaryrefslogtreecommitdiffstats
path: root/ipaserver
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2012-02-28 23:05:06 -0500
committerMartin Kosek <mkosek@redhat.com>2012-02-29 22:36:13 +0100
commita5a55ceff3822ede55ad817ede0da5712fb75651 (patch)
treeccab9b5a4f9389bcea4cb04c3f91de9d98ca20eb /ipaserver
parent610420bd2ab976ea9e35e6d010e3f1c9f572c646 (diff)
downloadfreeipa-a5a55ceff3822ede55ad817ede0da5712fb75651.tar.gz
freeipa-a5a55ceff3822ede55ad817ede0da5712fb75651.tar.xz
freeipa-a5a55ceff3822ede55ad817ede0da5712fb75651.zip
Don't delete system users that are added during installation.
We don't want to run the risk of adding a user, uninstalling it, the system adding a new user (for another package install for example) and then re-installing IPA. This wreaks havoc with file and directory ownership. https://fedorahosted.org/freeipa/ticket/2423
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/cainstance.py24
-rw-r--r--ipaserver/install/dsinstance.py15
2 files changed, 9 insertions, 30 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index d2c8d0576..345a8c2da 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -274,12 +274,10 @@ class CADSInstance(service.Service):
GROUP=dsinstance.DS_GROUP)
def __create_ds_user(self):
- user_exists = True
try:
pwd.getpwnam(PKI_DS_USER)
root_logger.debug("ds user %s exists" % PKI_DS_USER)
except KeyError:
- user_exists = False
root_logger.debug("adding ds user %s" % PKI_DS_USER)
args = ["/usr/sbin/useradd", "-g", dsinstance.DS_GROUP,
"-c", "PKI DS System User",
@@ -292,8 +290,6 @@ class CADSInstance(service.Service):
except ipautil.CalledProcessError, e:
root_logger.critical("failed to add user %s" % e)
- self.backup_state("user_exists", user_exists)
-
def __create_instance(self):
self.backup_state("running", dsinstance.is_ds_running())
self.backup_state("serverid", self.serverid)
@@ -406,11 +402,9 @@ class CADSInstance(service.Service):
user_exists = self.restore_state("user_exists")
- if user_exists == False:
- try:
- ipautil.run(["/usr/sbin/userdel", PKI_DS_USER])
- except ipautil.CalledProcessError, e:
- root_logger.critical("failed to delete user %s" % e)
+ # At one time we removed this user on uninstall. That can potentially
+ # orphan files, or worse, if another useradd runs in the intermim,
+ # cause files to have a new owner.
class CAInstance(service.Service):
"""
@@ -566,12 +560,10 @@ class CAInstance(service.Service):
# so actual enablement is delayed.
def __create_ca_user(self):
- user_exists = True
try:
pwd.getpwnam(PKI_USER)
root_logger.debug("ca user %s exists" % PKI_USER)
except KeyError:
- user_exists = False
root_logger.debug("adding ca user %s" % PKI_USER)
args = ["/usr/sbin/useradd", "-c", "CA System User",
"-d", "/var/lib",
@@ -583,8 +575,6 @@ class CAInstance(service.Service):
except ipautil.CalledProcessError, e:
root_logger.critical("failed to add user %s" % e)
- self.backup_state("user_exists", user_exists)
-
def __configure_instance(self):
preop_pin = get_preop_pin(self.server_root, PKI_INSTANCE_NAME)
@@ -1064,12 +1054,10 @@ class CAInstance(service.Service):
except ipautil.CalledProcessError, e:
root_logger.critical("failed to uninstall CA instance %s" % e)
+ # At one time we removed this user on uninstall. That can potentially
+ # orphan files, or worse, if another useradd runs in the intermim,
+ # cause files to have a new owner.
user_exists = self.restore_state("user_exists")
- if user_exists == False:
- try:
- ipautil.run(["/usr/sbin/userdel", PKI_USER])
- except ipautil.CalledProcessError, e:
- root_logger.critical("failed to delete user %s" % e)
def publish_ca_cert(self, location):
args = ["-L", "-n", self.canickname, "-a"]
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index c66f2a7f1..5b5b24caa 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -288,12 +288,10 @@ class DsInstance(service.Service):
)
def __create_ds_user(self):
- user_exists = True
try:
pwd.getpwnam(DS_USER)
root_logger.debug("ds user %s exists" % DS_USER)
except KeyError:
- user_exists = False
root_logger.debug("adding ds user %s" % DS_USER)
args = ["/usr/sbin/useradd", "-g", DS_GROUP,
"-c", "DS System User",
@@ -306,8 +304,6 @@ class DsInstance(service.Service):
except ipautil.CalledProcessError, e:
root_logger.critical("failed to add user %s" % e)
- self.backup_state("user_exists", user_exists)
-
def __create_instance(self):
self.backup_state("running", is_ds_running())
self.backup_state("serverid", self.serverid)
@@ -624,16 +620,11 @@ class DsInstance(service.Service):
dsdb.untrack_server_cert("Server-Cert")
erase_ds_instance_data(serverid)
+ # At one time we removed this user on uninstall. That can potentially
+ # orphan files, or worse, if another useradd runs in the intermim,
+ # cause files to have a new owner.
user_exists = self.restore_state("user_exists")
- if user_exists == False:
- pent = pwd.getpwnam(DS_USER)
- installutils.remove_file("/var/tmp/ldap_%d" % pent.pw_uid)
- try:
- ipautil.run(["/usr/sbin/userdel", DS_USER])
- except ipautil.CalledProcessError, e:
- root_logger.critical("failed to delete user %s" % e)
-
# Make sure some upgrade-related state is removed. This could cause
# re-installation problems.
self.restore_state('nsslapd-port')