On 2015-09-23 12:40, Jan Cholasta wrote:
> On 23.9.2015 11:44, Christian Heimes wrote:
>> On 2015-09-23 10:54, Jan Cholasta wrote:
>>>> Correction, the HTTP server works, but it spits lots of errors in
>>>> error_log about /var/lib/kdcproxy not existing.
>>>>
>>>> Is the KDCProxy supposed to be installked/enabled on upgrade ?
>>>> If not, why not ?
>>>> Even if it is not enabled, shouldn't the user be created just in case ?
>>>
>>> Fixed, patch attached.
>>
>> I haven't tested the patch yet. It looks like the kdcproxy user doesn't
>> own its home directory. Please chown /var/lib/kdcproxy.
> 
> I can't chown it because the user may not exist at RPM install time. It
> doesn't matter anyway, since nothing is ever stored in the directory and
> KDC proxy works just fine. The same thing is done for the DS user and
> nobody complained so far, so I assumed it should be OK for KDC proxy as
> well.

I think we have a slight misunderstanding here. :) Of course you can't
set the owner at RPM install time. I wasn't talking about chown-ing the
directory in RPM, but chown-ing the directory after or inside the
tasks.create_system_user() call. Sorry for the confusion!

AFAIK neither mod_wsgi nor python-kdcproxy need a writeable home
directory. It's not guaranteed for eternity, though.

Christian

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to