https://fedorahosted.org/freeipa/ticket/5712 -- David Kupka
From 00959a382a34bfd77539443cd51b8033ca9c3ee1 Mon Sep 17 00:00:00 2001
From: David Kupka <dku...@redhat.com>
Date: Tue, 22 Mar 2016 09:40:43 +0100
Subject: [PATCH] Look up HTTPD_USER's UID and GID during installation.
Those values differ among distributions and there is no guarantee that they're reserved. It's better to look them up based on HTTPD_USER's name. https://fedorahosted.org/freeipa/ticket/5712
---
 install/share/custodia.conf.template | 4 ++--
 ipaserver/install/custodiainstance.py | 6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/install/share/custodia.conf.template b/install/share/custodia.conf.template
index 688229a50854cd9521b0ae323f30a1c5b729b26f..d9de4d77f90931c089f2179731783430f85ed6f1 100644
--- a/install/share/custodia.conf.template
+++ b/install/share/custodia.conf.template
@@ -5,8 +5,8 @@ auditlog = $IPA_CUSTODIA_AUDIT_LOG
 
 [auth:simple]
 handler = custodia.httpd.authenticators.SimpleCredsAuth
-uid = 48
-gid = 48
+uid = $UID
+gid = $GID
 
 [auth:header]
 handler = custodia.httpd.authenticators.SimpleHeaderAuth
diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index dbe36af6d7af23fa859dcb78f3dc24224fd8fd07..424e0797b682d312c07ebf86a13c27164cae6faf 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -3,6 +3,7 @@
 from ipapython.secrets.kem import IPAKEMKeys
 from ipapython.secrets.client import CustodiaClient
 from ipaplatform.paths import paths
+from ipaplatform.constants import constants
 from service import SimpleServiceInstance
 from ipapython import ipautil
 from ipapython.ipa_log_manager import root_logger
@@ -14,6 +15,7 @@ from jwcrypto.common import json_decode
 import shutil
 import os
 import tempfile
+import pwd
 
 
 class CustodiaInstance(SimpleServiceInstance):
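Review bot: In the [auth:simple] section of custodia.conf.template, the placeholders `$UID` and `$GID` do not say whose identity they carry, although these two values decide which local account the SimpleCredsAuth handler accepts. Naming them after the account, e.g. `uid = $HTTPD_UID` and `gid = $HTTPD_GID` with matching keys in sub_dict, and adding a comment such as `# UID/GID of the web server account, looked up at install time`, would make the trust decision readable in the rendered file. The values are written once when the template is rendered, so a server installed before this change presumably keeps the hard-coded 48 unless an upgrade step re-renders the file; no such step is visible in this patch.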
@@ -30,10 +32,12 @@ class CustodiaInstance(SimpleServiceInstance):
 def __config_file(self):
 template_file = os.path.basename(self.config_file) + '.template'
 template = os.path.join(ipautil.SHARE_DIR, template_file)
+ httpd_info = pwd.getpwnam(constants.HTTPD_USER)
 sub_dict = dict(IPA_CUSTODIA_CONF_DIR=paths.IPA_CUSTODIA_CONF_DIR,
 IPA_CUSTODIA_SOCKET=paths.IPA_CUSTODIA_SOCKET,
 IPA_CUSTODIA_AUDIT_LOG=paths.IPA_CUSTODIA_AUDIT_LOG,
- LDAP_URI=installutils.realm_to_ldapi_uri(self.realm))
+ LDAP_URI=installutils.realm_to_ldapi_uri(self.realm),
+ UID=httpd_info.pw_uid, GID=httpd_info.pw_gid)
 conf = ipautil.template_file(template, sub_dict)
 fd = open(self.config_file, "w+")
 fd.write(conf)
-- 
2.5.5
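Review bot: `pwd.getpwnam(constants.HTTPD_USER)` in __config_file raises KeyError when the account does not exist, and nothing in the hunk catches it, so the installer would stop with a bare traceback instead of naming the missing user. Because the result becomes the UID/GID that the [auth:simple] authenticator trusts, the lookup should fail with an explicit message, for example wrapping the call in `try:` and handling `except KeyError: raise RuntimeError("user %s does not exist" % constants.HTTPD_USER)`. A short comment above the lookup, such as `# Custodia authorizes the web server by UID/GID; resolve them from the account name`, would also record why the values are looked up rather than fixed. The body of __config_file continues past the end of the hunk.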