authorTimo Aaltonen <tjaalton@debian.org>2015-10-06 16:02:37 +0300
committerTomas Babej <tbabej@redhat.com>2015-11-04 13:12:12 +0100
commit874b6d9f28f29368ab5e4e4924136718fde9e2a8 (patch)
tree0fcceb22e3fc69ea2a4735ad1f2303ac3e0f0f80 /ipaserver/install
parent0d66026d220dd675e9b017db37127b822815cf4a (diff)
ipaplatform: Add HTTPD_USER to constants, and use it.
https://fedorahosted.org/freeipa/ticket/5343 Reviewed-By: Tomas Babej <tbabej@redhat.com>
Diffstat (limited to 'ipaserver/install')
-rw-r--r--ipaserver/install/cainstance.py3
-rw-r--r--ipaserver/install/certs.py4
-rw-r--r--ipaserver/install/httpinstance.py11
-rw-r--r--ipaserver/install/ipa_server_certinstall.py3
4 files changed, 12 insertions, 9 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index f9315f4f0..23fdf3014 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -48,6 +48,7 @@ from ipalib import pkcs10, x509
from ipalib import errors
from ipaplatform import services
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
@@ -1140,7 +1141,7 @@ class CAInstance(DogtagInstance):
os.chmod(self.ra_agent_db + "/key3.db", 0o640)
os.chmod(self.ra_agent_db + "/secmod.db", 0o640)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam(constants.HTTPD_USER)
os.chown(self.ra_agent_db + "/cert8.db", 0, pent.pw_gid )
os.chown(self.ra_agent_db + "/key3.db", 0, pent.pw_gid )
os.chown(self.ra_agent_db + "/secmod.db", 0, pent.pw_gid )
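Review bot: `pwd.getpwnam(constants.HTTPD_USER)` raises a bare KeyError when the account named by the platform constant does not exist, and here the lookup runs only after the `os.chmod` calls above it, so a wrong or not-yet-created account aborts with the RA agent NSS files chmod-ed but not chown-ed and a traceback that does not name the cause. Now that the name is platform-dependent rather than a literal, resolve it before touching the files and fail with a message that names the account, e.g. `except KeyError: raise RuntimeError("HTTPD user %s not found" % constants.HTTPD_USER)`. The same unguarded lookup appears in both `pwd.getpwnam(HTTPD_USER)` hunks of httpinstance.py and in the ipa_server_certinstall.py hunk. The enclosing method starts and ends outside this hunk.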
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 4f240da56..658e8ec45 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -43,6 +43,7 @@ from ipalib import pkcs10, x509, api
from ipalib.errors import CertificateOperationError
from ipalib.text import _
from ipaplatform import services
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
# Apache needs access to this database so we need to create it
@@ -519,8 +520,7 @@ class CertDB(object):
f.write(pwdfile.read())
f.close()
pwdfile.close()
- # TODO: replace explicit uid by a platform-specific one
- self.set_perms(self.pwd_conf, uid="apache")
+ self.set_perms(self.pwd_conf, uid=constants.HTTPD_USER)
def find_root_cert(self, nickname):
"""
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 0d1074dbd..34fa64df8 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -41,6 +41,7 @@ import ipapython.errors
from ipaserver.install import sysupgrade
from ipalib import api
from ipalib import errors
+from ipaplatform.constants import constants
from ipaplatform.tasks import tasks
from ipaplatform.paths import paths
from ipaplatform import services
@@ -52,7 +53,7 @@ SELINUX_BOOLEAN_SETTINGS = dict(
)
KDCPROXY_USER = 'kdcproxy'
-
+HTTPD_USER = constants.HTTPD_USER
def httpd_443_configured():
"""
@@ -190,14 +191,14 @@ class HTTPInstance(service.Service):
installutils.create_keytab(paths.IPA_KEYTAB, self.principal)
self.move_service(self.principal)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam(HTTPD_USER)
os.chown(paths.IPA_KEYTAB, pent.pw_uid, pent.pw_gid)
def remove_httpd_ccache(self):
# Clean up existing ccache
# Make sure that empty env is passed to avoid passing KRB5CCNAME from
# current env
- ipautil.run(['kdestroy', '-A'], runas='apache', raiseonerr=False, env={})
+ ipautil.run(['kdestroy', '-A'], runas=HTTPD_USER, raiseonerr=False, env={})
def __configure_http(self):
target_fname = paths.HTTPD_IPA_CONF
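Review bot: The rewritten call in `remove_httpd_ccache` still names the binary as bare `'kdestroy'`, while the uninstall hunk further down in this file uses `paths.KDESTROY`. An installer running as root and dropping to the web-server account should not depend on name resolution for the executable, and with `env={}` how the name is resolved rests on `ipautil.run` internals that are not visible here. Since the line is being touched anyway, make it `ipautil.run([paths.KDESTROY, '-A'], runas=HTTPD_USER, raiseonerr=False, env={})`.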
@@ -328,7 +329,7 @@ class HTTPInstance(service.Service):
os.chmod(certs.NSS_DIR + "/secmod.db", 0o660)
os.chmod(certs.NSS_DIR + "/pwdfile.txt", 0o660)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam(HTTPD_USER)
os.chown(certs.NSS_DIR + "/cert8.db", 0, pent.pw_gid )
os.chown(certs.NSS_DIR + "/key3.db", 0, pent.pw_gid )
os.chown(certs.NSS_DIR + "/secmod.db", 0, pent.pw_gid )
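Review bot: The group applied to the NSS database files is `pent.pw_gid`, the primary group of whatever account `HTTPD_USER` names, and the chmod lines just above set 0o660, so every member of that group can write the key material. With "apache" hard-coded the group was a known quantity; with a per-platform user this assumption deserves a comment beside the lookup, e.g. `# group = primary gid of HTTPD_USER; must be private to the web server, these files are group-writable`. Whether any supported platform's web-server group is shared with other services cannot be told from this diff, so it should be confirmed per platform. The enclosing method starts and ends outside this hunk.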
@@ -497,7 +498,7 @@ class HTTPInstance(service.Service):
pass
# Remove the ccache file for the HTTPD service
- ipautil.run([paths.KDESTROY, '-c', paths.KRB5CC_HTTPD], runas='apache',
+ ipautil.run([paths.KDESTROY, '-c', paths.KRB5CC_HTTPD], runas=HTTPD_USER,
raiseonerr=False)
# Remove the configuration files we create
diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py
index e90b2abd6..ac0b0274e 100644
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -24,6 +24,7 @@ import os.path
import pwd
import optparse
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipapython import admintool
from ipapython.dn import DN
@@ -151,7 +152,7 @@ class ServerCertInstall(admintool.AdminTool):
os.chmod(os.path.join(dirname, 'key3.db'), 0o640)
os.chmod(os.path.join(dirname, 'secmod.db'), 0o640)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam(constants.HTTPD_USER)
os.chown(os.path.join(dirname, 'cert8.db'), 0, pent.pw_gid)
os.chown(os.path.join(dirname, 'key3.db'), 0, pent.pw_gid)
os.chown(os.path.join(dirname, 'secmod.db'), 0, pent.pw_gid)