diff options
| -rw-r--r-- | install/share/custodia.conf.template | 4 | ||||
| -rw-r--r-- | ipaserver/install/custodiainstance.py | 6 |
2 files changed, 7 insertions, 3 deletions
diff --git a/install/share/custodia.conf.template b/install/share/custodia.conf.template index 688229a50..d9de4d77f 100644 --- a/install/share/custodia.conf.template +++ b/install/share/custodia.conf.template @@ -5,8 +5,8 @@ auditlog = $IPA_CUSTODIA_AUDIT_LOG [auth:simple] handler = custodia.httpd.authenticators.SimpleCredsAuth -uid = 48 -gid = 48 +uid = $UID +gid = $GID [auth:header] handler = custodia.httpd.authenticators.SimpleHeaderAuth diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py index dbe36af6d..424e0797b 100644 --- a/ipaserver/install/custodiainstance.py +++ b/ipaserver/install/custodiainstance.py @@ -3,6 +3,7 @@ from ipapython.secrets.kem import IPAKEMKeys from ipapython.secrets.client import CustodiaClient from ipaplatform.paths import paths +from ipaplatform.constants import constants from service import SimpleServiceInstance from ipapython import ipautil from ipapython.ipa_log_manager import root_logger @@ -14,6 +15,7 @@ from jwcrypto.common import json_decode import shutil import os import tempfile +import pwd class CustodiaInstance(SimpleServiceInstance): @@ -30,10 +32,12 @@ class CustodiaInstance(SimpleServiceInstance): def __config_file(self): template_file = os.path.basename(self.config_file) + '.template' template = os.path.join(ipautil.SHARE_DIR, template_file) + httpd_info = pwd.getpwnam(constants.HTTPD_USER) sub_dict = dict(IPA_CUSTODIA_CONF_DIR=paths.IPA_CUSTODIA_CONF_DIR, IPA_CUSTODIA_SOCKET=paths.IPA_CUSTODIA_SOCKET, IPA_CUSTODIA_AUDIT_LOG=paths.IPA_CUSTODIA_AUDIT_LOG, - LDAP_URI=installutils.realm_to_ldapi_uri(self.realm)) + LDAP_URI=installutils.realm_to_ldapi_uri(self.realm), + UID=httpd_info.pw_uid, GID=httpd_info.pw_gid) conf = ipautil.template_file(template, sub_dict) fd = open(self.config_file, "w+") fd.write(conf) |