On Wed, 2015-09-23 at 13:37 +0200, Jan Cholasta wrote: > On 23.9.2015 12:49, Christian Heimes wrote: > > On 2015-09-23 12:40, Jan Cholasta wrote: > >> On 23.9.2015 11:44, Christian Heimes wrote: > >>> On 2015-09-23 10:54, Jan Cholasta wrote: > >>>>> Correction, the HTTP server works, but it spits lots of errors in > >>>>> error_log about /var/lib/kdcproxy not existing. > >>>>> > >>>>> Is the KDCProxy supposed to be installked/enabled on upgrade ? > >>>>> If not, why not ? > >>>>> Even if it is not enabled, shouldn't the user be created just in case ? > >>>> > >>>> Fixed, patch attached. > >>> > >>> I haven't tested the patch yet. It looks like the kdcproxy user doesn't > >>> own its home directory. Please chown /var/lib/kdcproxy. > >> > >> I can't chown it because the user may not exist at RPM install time. It > >> doesn't matter anyway, since nothing is ever stored in the directory and > >> KDC proxy works just fine. The same thing is done for the DS user and > >> nobody complained so far, so I assumed it should be OK for KDC proxy as > >> well. > > > > I think we have a slight misunderstanding here. :) Of course you can't > > set the owner at RPM install time. I wasn't talking about chown-ing the > > directory in RPM, but chown-ing the directory after or inside the > > tasks.create_system_user() call. Sorry for the confusion! > > > > AFAIK neither mod_wsgi nor python-kdcproxy need a writeable home > > directory. It's not guaranteed for eternity, though. > > OK. Updated patch attached. Added patch 496, please apply before 495.
We have 2 options: 1. Home is created and chowned at user creation time 2. Home is owned by RPM packages. The option we do *not* have is to have RPM own the directory and then chown it later. Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code