On 06/20/2013 05:15 PM, Tomas Babej wrote:
> Hi,
> Spec file modified so that /var/lib/ipa/pki-ca/publish/ is owned
> by pkiuser group.
> https://fedorahosted.org/freeipa/ticket/3727
> Tomas

NACK. This won't fly. pkiuser is created by FreeIPA when server is installed,
thus you cannot just simply change ownership in our spec file because in the
time when package is installed or updated, pkiuser may not exist.

I think you need to delete the %attr from spec file and set the correct
ownership during ipa-{server,ca}-install. When CA is configured, we should also
probably let ipa-upgradeconfig check this directory and amend when necessary
(to fix affected IPA CA instances).


Freeipa-devel mailing list

Reply via email to