On 2016-11-11 18:33, Rob Crittenden wrote:
> Martin Basti wrote:
>> 2) if I understand correctly, you want to separate client installer code
>> and client CLI code. In past we had freeipa-admintools but it was
>> removed because it was really tightly bounded to installed client. Do
>> you want to revive it and make it independent?
> The admintools package consisted only of the ipa command so I don't see
> the relevance.
> This should have no impact on the installers. I think the only proposal
> is to ignore the IPA_CONFDIR variable in all installer contexts. I think
> I'd prefer it if it were simply wiped from the environment on startup of
> *install commands prior to bootstrap so it can't leak it at all.

With the latest patch, all installers, updaters and similar tools with
an exception when a IPA_CONFDIR env var is present. I have also
considered to fail for geteuid() == 0. On the other hand the env var is
useful for containered application and people sure love to run all their
containers as root.

Attachment: signature.asc
Description: OpenPGP digital signature

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to