590d18
From 8a866620f36356e570dcee332db6f487837435a6 Mon Sep 17 00:00:00 2001
590d18
From: Jan Cholasta <jcholast@redhat.com>
590d18
Date: Wed, 23 Sep 2015 10:35:06 +0200
590d18
Subject: [PATCH] install: fix kdcproxy user home directory
590d18
590d18
https://fedorahosted.org/freeipa/ticket/5314
590d18
590d18
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
590d18
---
590d18
 freeipa.spec.in                   | 1 +
590d18
 ipaplatform/base/paths.py         | 1 +
590d18
 ipaserver/install/httpinstance.py | 4 +++-
590d18
 3 files changed, 5 insertions(+), 1 deletion(-)
590d18
590d18
diff --git a/freeipa.spec.in b/freeipa.spec.in
590d18
index 530f6141872804ab3801f2da6271fce0d9308a09..6527109b422a1e3065d5a540c3e2a3af670f2ebf 100644
590d18
--- a/freeipa.spec.in
590d18
+++ b/freeipa.spec.in
590d18
@@ -702,6 +702,7 @@ fi
590d18
 %{_libexecdir}/ipa/ipa-dnskeysync-replica
590d18
 %{_libexecdir}/ipa/ipa-ods-exporter
590d18
 %{_libexecdir}/ipa/ipa-httpd-kdcproxy
590d18
+%ghost %verify(not owner group) %dir %{_sharedstatedir}/kdcproxy
590d18
 %config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
590d18
 %config(noreplace) %{_sysconfdir}/sysconfig/ipa-dnskeysyncd
590d18
 %config(noreplace) %{_sysconfdir}/sysconfig/ipa-ods-exporter
590d18
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
590d18
index 97c330c31844fcf19bec2e96bf2b23cba5f7f3f0..215caf90ea1ca4e5db8f43f8f09002ce5d5cd280 100644
590d18
--- a/ipaplatform/base/paths.py
590d18
+++ b/ipaplatform/base/paths.py
590d18
@@ -286,6 +286,7 @@ class BasePathNamespace(object):
590d18
     REPLICA_INFO_GPG_TEMPLATE = "/var/lib/ipa/replica-info-%s.gpg"
590d18
     SYSRESTORE = "/var/lib/ipa/sysrestore"
590d18
     STATEFILE_DIR = "/var/lib/ipa/sysupgrade"
590d18
+    VAR_LIB_KDCPROXY = "/var/lib/kdcproxy"
590d18
     VAR_LIB_PKI_DIR = "/var/lib/pki"
590d18
     VAR_LIB_PKI_CA_DIR = "/var/lib/pki-ca"
590d18
     PKI_ALIAS_CA_P12 = "/var/lib/pki-ca/alias/ca.p12"
590d18
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
590d18
index 4f2902e1b1ac03d9c6bd1949b66ede9abb5be28e..f55e698f7eb3d8f8aa603f99d750a009a806b70a 100644
590d18
--- a/ipaserver/install/httpinstance.py
590d18
+++ b/ipaserver/install/httpinstance.py
590d18
@@ -83,8 +83,10 @@ def create_kdcproxy_user():
590d18
     tasks.create_system_user(
590d18
         name=KDCPROXY_USER,
590d18
         group=KDCPROXY_USER,
590d18
-        homedir=paths.VAR_LIB,
590d18
+        homedir=paths.VAR_LIB_KDCPROXY,
590d18
         shell=paths.NOLOGIN,
590d18
+        comment="IPA KDC Proxy User",
590d18
+        create_homedir=True,
590d18
     )
590d18
 
590d18
 
590d18
-- 
590d18
2.4.3
590d18