[Freeipa-devel] [PATCH] 975 don't delete system users we add



Don't call userdel during uninstall to delete any system users we create. If they are deleted and the system adds another user for some reason (package install, for example) then file ownership can get hosed.

rob
From 4e119a008cc2a56f1aec2f48c05b859c7f11b68d Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten redhat com>
Date: Tue, 28 Feb 2012 23:05:06 -0500
Subject: [PATCH] Don't delete system users that are added during
 installation.

We don't want to run the risk of adding a user, uninstalling it,
the system adding a new user (for another package install for example)
and then re-installing IPA. This wreaks havoc with file and directory
ownership.

https://fedorahosted.org/freeipa/ticket/2423
---
 ipaserver/install/cainstance.py |   17 +++++++----------
 ipaserver/install/dsinstance.py |   10 +++-------
 2 files changed, 10 insertions(+), 17 deletions(-)

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index d2c8d0576fcc7a380bb9a303954d1d4503148a3b..97094c7f848172f210171ec4085df7570d92ed1d 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -406,11 +406,9 @@ class CADSInstance(service.Service):
 
         user_exists = self.restore_state("user_exists")
 
-        if user_exists == False:
-            try:
-                ipautil.run(["/usr/sbin/userdel", PKI_DS_USER])
-            except ipautil.CalledProcessError, e:
-                root_logger.critical("failed to delete user %s" % e)
+        # At one time we removed this user on uninstall. That can potentially
+        # orphan files, or worse, if another useradd runs in the intermim,
+        # cause files to have a new owner.
 
 class CAInstance(service.Service):
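Review bot: with the `if user_exists == False:` block removed in CADSInstance, the retained `user_exists = self.restore_state("user_exists")` assigns a value that nothing in this hunk reads. If the call is kept only for its effect on the saved state, say so in the new comment; otherwise drop the assignment. The added comment also has a typo: "intermim" should be "interim".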
     """
@@ -1065,11 +1063,10 @@ class CAInstance(service.Service):
             root_logger.critical("failed to uninstall CA instance %s" % e)
 
         user_exists = self.restore_state("user_exists")
-        if user_exists == False:
-            try:
-                ipautil.run(["/usr/sbin/userdel", PKI_USER])
-            except ipautil.CalledProcessError, e:
-                root_logger.critical("failed to delete user %s" % e)
+
+        # At one time we removed this user on uninstall. That can potentially
+        # orphan files, or worse, if another useradd runs in the intermim,
+        # cause files to have a new owner.
 
     def publish_ca_cert(self, location):
         args = ["-L", "-n", self.canickname, "-a"]
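Review bot: the three-line comment added after `restore_state("user_exists")` in CAInstance is a verbatim copy of the one in CADSInstance, typo included, and it is repeated a third time in dsinstance.py. Consider stating the policy once, citing ticket 2423, and saying explicitly that PKI_USER is intentionally left on the system after uninstall, so the userdel call is not reintroduced later as a cleanup fix.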
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index c66f2a7f11ad8b34ed8304a6465998f6d518a814..c62a0ffff7f1c32c7a043207b00e5ad4fdd5e8ef 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -626,13 +626,9 @@ class DsInstance(service.Service):
 
         user_exists = self.restore_state("user_exists")
 
-        if user_exists == False:
-            pent = pwd.getpwnam(DS_USER)
-            installutils.remove_file("/var/tmp/ldap_%d" % pent.pw_uid)
-            try:
-                ipautil.run(["/usr/sbin/userdel", DS_USER])
-            except ipautil.CalledProcessError, e:
-                root_logger.critical("failed to delete user %s" % e)
+        # At one time we removed this user on uninstall. That can potentially
+        # orphan files, or worse, if another useradd runs in the intermim,
+        # cause files to have a new owner.
 
         # Make sure some upgrade-related state is removed. This could cause
         # re-installation problems.
-- 
1.7.6
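
The failure mode described in the commit message, as an added example (not FreeIPA code): an audit that walks a tree and reports paths whose owning UID no longer resolves to any account (orphaned) or now resolves to a different account (UID reused). The account names `svcuser` and `otherpkg`, the file name, and the injected `lookup` functions are constructed for the demonstration.

```python
import os
import pwd
import tempfile
from collections import namedtuple

def audit_ownership(root, expected_user, lookup=pwd.getpwuid):
    """Classify everything under root by who its owning UID resolves to now.

    Returns (orphaned, reassigned): paths whose UID has no account, and
    (path, account) pairs whose UID resolves to an account other than
    expected_user, i.e. the UID was handed to a different user.
    """
    paths = [root]
    for dirpath, dirs, files in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirs + files]
    orphaned, reassigned, names = [], [], {}
    for path in paths:
        uid = os.lstat(path).st_uid       # lstat: judge symlinks themselves
        if uid not in names:
            try:
                names[uid] = lookup(uid).pw_name
            except KeyError:              # account deleted, UID not yet reused
                names[uid] = None
        if names[uid] is None:
            orphaned.append(path)
        elif names[uid] != expected_user:
            reassigned.append((path, names[uid]))
    return sorted(orphaned), sorted(reassigned)

def constructed_demo():
    """Audit one temporary tree under three simulated passwd states."""
    Entry = namedtuple("Entry", "pw_name")    # stand-in for a passwd record
    def missing(uid):
        raise KeyError(uid)
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "service.db"), "w").close()  # constructed file
        kept = audit_ownership(root, "svcuser", lambda uid: Entry("svcuser"))
        deleted = audit_ownership(root, "svcuser", missing)
        reused = audit_ownership(root, "svcuser", lambda uid: Entry("otherpkg"))
    return kept, deleted, reused

if __name__ == "__main__":
    for label, result in zip(("kept", "deleted", "reused"), constructed_demo()):
        print(label, result)
```

On a real host, call `audit_ownership` with the default `lookup` and the account name the service is expected to run as.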

