From b18a5d27b46d14ca1e1c477fbb4050430f69cc06 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Fri, 14 Aug 2015 15:54:05 -0400 Subject: [PATCH] Ticket 48247 - Change the default user to 'dirsrv' Description: Change the default user to 'dirsrv' instead of using nobody. Then when we remove the last instance remove the user if lib389 added it. Also made some minor fixes. https://fedorahosted.org/389/ticket/48247 Reviewed by: ? --- lib389/__init__.py | 32 +++++++++++++++++++++++++++++--- lib389/_constants.py | 5 +++-- lib389/tools.py | 3 ++- 3 files changed, 34 insertions(+), 6 deletions(-) diff --git a/lib389/__init__.py b/lib389/__init__.py index 614d647..8dfe28f 100644 --- a/lib389/__init__.py +++ b/lib389/__init__.py @@ -39,6 +39,7 @@ import logging import decimal import glob import tarfile +import subprocess from ldap.ldapobject import SimpleLDAPObject from ldapurl import LDAPUrl @@ -193,6 +194,8 @@ class DirSrv(SimpleLDAPObject): self.inst -> equivalent to self.serverid self.sroot/self.inst -> nsslapd-instancedir self.dbdir -> dirname(nsslapd-directory) + self.bakdir -> nsslapd-bakdir + self.ldifdir -> nsslapd-ldifdir @param - self @@ -211,12 +214,16 @@ class DirSrv(SimpleLDAPObject): 'nsslapd-accesslog', 'nsslapd-auditlog', 'nsslapd-certdir', - 'nsslapd-schemadir']) + 'nsslapd-schemadir', + 'nsslapd-bakdir', + 'nsslapd-ldifdir']) self.errlog = ent.getValue('nsslapd-errorlog') self.accesslog = ent.getValue('nsslapd-accesslog') self.auditlog = ent.getValue('nsslapd-auditlog') self.confdir = ent.getValue('nsslapd-certdir') self.schemadir = ent.getValue('nsslapd-schemadir') + self.bakdir = ent.getValue('nsslapd-bakdir') + self.ldifdir = ent.getValue('nsslapd-ldifdir') if self.isLocal: if not self.confdir or not os.access(self.confdir + '/dse.ldif', os.R_OK): 
@@ -606,8 +613,8 @@ class DirSrv(SimpleLDAPObject): for instance in glob.glob(pattern): serverid = os.path.basename(instance)[len(DEFAULT_ENV_HEAD):] - # skip removed instance - if '.removed' in serverid: + # skip removed instance and admin server entry + if '.removed' in serverid or 'dirsrv-admin' in instance: continue # it is found, store its properties in the list @@ -804,6 +811,10 @@ class DirSrv(SimpleLDAPObject): @raise None ''' + + # Grab all the instances now, before we potentially remove the last one + insts = self.list(all=True) + if self.state == DIRSRV_STATE_ONLINE: self.close() @@ -824,6 +835,21 @@ class DirSrv(SimpleLDAPObject): except: log.exception("error executing %r" % cmd) + # If this was the last instance being deleted, remove the DEFAULT_USER + # if lib389 created the default user + if os.getuid() == 0: + # Only the root user could of added the entry + if len(insts) == 1: + # No more instances (this was the last one) + if pwd.getpwnam(DEFAULT_USER).pw_gecos == DEFAULT_USER_COMMENT: + # We created this user, so we will delete it + cmd = ['/usr/sbin/userdel', DEFAULT_USER] + try: + subprocess.call(cmd) + except subprocess.CalledProcessError as e: + log.exception('Failed to delete default user (%s): error %s' % + (DEFAULT_USER, e.output)) + self.state = DIRSRV_STATE_ALLOCATED def open(self): diff --git a/lib389/_constants.py b/lib389/_constants.py index 96b008e..efabfc6 100644 --- a/lib389/_constants.py +++ b/lib389/_constants.py 
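Review bot: In the `@@ -606,8 +613,8 @@` hunk of lib389/__init__.py, the new test `'dirsrv-admin' in instance` is a substring match on the whole globbed path, so any instance whose path merely contains that text is dropped from the list too. After this patch delete() uses the length of that list to decide whether to remove the system account, so an undercount is no longer harmless. Assuming the admin server's file is named exactly that, `os.path.basename(instance) == 'dirsrv-admin'` would skip only that entry. The enclosing loop and method start outside the hunk.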
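Review bot: In the `@@ -824,6 +835,21 @@` hunk of lib389/__init__.py, a failed `userdel` is never reported, because `subprocess.call` returns the exit status and does not raise `CalledProcessError`, which makes the `except` branch and its `e.output` dead code. `pwd.getpwnam(DEFAULT_USER)` raises `KeyError` when the account does not exist, which would abort delete() before `self.state` is reset. The block also runs when the bare `except:` just above it has only logged a removal error, so the account can be deleted while the instance's files remain, leaving them owned by a UID that may later be reassigned. The removal code is outside the hunk, so the sketch below covers only the account check and the `userdel` call and still needs a guard on successful removal. `pwd` is not among the imports this patch adds, so confirm it is already imported.

```python
        # … unchanged: instance removal command and its error logging …
        if os.getuid() == 0 and len(insts) == 1:
            try:
                gecos = pwd.getpwnam(DEFAULT_USER).pw_gecos
            except KeyError:
                # DEFAULT_USER does not exist, so there is nothing to remove
                gecos = None
            if gecos == DEFAULT_USER_COMMENT:
                cmd = ['/usr/sbin/userdel', DEFAULT_USER]
                try:
                    subprocess.check_output(cmd, stderr=subprocess.STDOUT)
                except (OSError, subprocess.CalledProcessError):
                    log.exception('Failed to delete default user (%s)' %
                                  DEFAULT_USER)
        # … unchanged: self.state = DIRSRV_STATE_ALLOCATED …
```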
@@ -157,15 +157,16 @@ PLUGIN_WHOAMI = 'whoami' # # Constants # -DEFAULT_USER = "nobody" +DEFAULT_USER = "dirsrv" DEFAULT_USERHOME = "/tmp/lib389_home" +DEFAULT_USER_COMMENT = "lib389 DS user" DATA_DIR = "data" TMP_DIR = "tmp" VALGRIND_WRAPPER = "ns-slapd.valgrind" DISORDERLY_SHUTDOWN = 'Detected Disorderly Shutdown last time Directory Server was running, recovering database' # -# LOG: see https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Configuring_Logs.html +# LOG: see https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Configuring_Logs.html # The default log level is 16384 # ( diff --git a/lib389/tools.py b/lib389/tools.py index aa04165..d681172 100644 --- a/lib389/tools.py +++ b/lib389/tools.py @@ -848,7 +848,7 @@ class DirSrvTools(object): except KeyError: print "Adding user %s" % user cmd = [USERADD, '-g', group, - '-c', "lib389 DS user", + '-c', DEFAULT_USER_COMMENT, '-r', '-d', home, '-s', NOLOGIN, @@ -858,6 +858,7 @@ class DirSrvTools(object): @staticmethod def lib389User(user=DEFAULT_USER): DirSrvTools.makeGroup(group=user) + time.sleep(1) # Need a little time for the group to get fully created DirSrvTools.makeUser(user=user, group=user, home=DEFAULT_USERHOME) @staticmethod -- 1.9.3
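Review bot: In lib389/_constants.py, `DEFAULT_USER_COMMENT` is added without a comment, although after this patch it is the marker delete() compares against `pw_gecos` before removing the account. A line such as `# GECOS comment passed to useradd in tools.py; delete() matches it to recognise an account lib389 created` above the constant would make that coupling visible. Changing the string later would leave accounts created with the old value unrecognised, so they would never be cleaned up.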
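Review bot: The `time.sleep(1)` added to lib389User in the `@@ -858,6 +858,7 @@` hunk of lib389/tools.py is a timing guess rather than a check that the group exists, so it can still be too short on a slow host and is wasted time everywhere else. If makeGroup (outside this hunk) starts groupadd without waiting for it, waiting on that process or polling `grp.getgrnam(user)` until it succeeds would make the ordering deterministic. `time` is not among the imports visible in this patch, so confirm tools.py already imports it.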