On Thu, Mar 19, 2015 at 12:25:52PM +0100, Pierre-Yves Chibon wrote: > On Thu, Mar 19, 2015 at 10:44:32AM +0100, Adrian Reber wrote: > > Right now the MM2 backend and MM2 crawler cronjobs in staging are all > > running as root. This seems unnecessary and I would like to change it to > > the user mirrormanager (like it is on the mirrorlist server). > > > > The mirrorlist has in the systemd service the user and group > > mirrormanager mentioned. I would like to create this user in the RPM for > > the mirrorlist, backend and crawler sub-package and also change the cron > > definitions. > > > > It would also be possible to create the user in ansible. What would > > make more sense? Ansible sound easier but for me it would make more > > sense in the RPM. > > The RPM sounds like the better place for me.
I will adapt the specfile and submit a pull request.
> Would this user be able to read the MM2 configuration file though? Because we
> do
> not want to make the file world readable while the crons need it otherwise
> they
> won't be able to query the DB.
If the file is 640 and root:mirrormanager the crons can read the file
but nobody else.
Adrian
pgpKStvTe90YX.pgp
Description: PGP signature
_______________________________________________ infrastructure mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/infrastructure
