[Freeipa-devel] Question about XML/RPC backend
Rob Crittenden
rcritten at redhat.com
Thu Mar 6 14:20:40 UTC 2008
W. Michael Petullo wrote:
> I am trying to learn the FreeIPA architecture. Most of it makes sense. I
> do have one question. How does the XML/RPC backend manipulate system
> configuration files when the Apache process is not run as root?
>
The XML-RPC backend doesn't write any configuration files. At most it
writes to LDAP, binding as the user that made the XML-RPC request.
Apache does not run as root, it runs as apache (or nobody or something
else) on most systems. It starts as root so it can bind ports < 1024
then drops privs. See the User directive in httpd.conf.
The Apache configuration files are created/modified during the
ipa-server-install step which needs to be done as root.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080306/b27951b5/attachment.bin>
More information about the Freeipa-devel
mailing list