An update plugin needed root privileges, and aborted the update if an
ordinary user user ran it.
With this patch the plugin is skipped with a warning in that case.
https://fedorahosted.org/freeipa/ticket/2621
--
PetrĀ³
From c525b9e90055ba01fee0a9402512c150cc2ced9d Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pvikt...@redhat.com>
Date: Wed, 30 May 2012 08:08:24 -0400
Subject: [PATCH] Skip the fix_replica_memberof updater plugin for non-root
users
The plugin does a SASL EXTERNAL bind, for which it needs root privileges.
Skip the plugin with a warning if run as a non-root user.
https://fedorahosted.org/freeipa/ticket/2621
---
ipaserver/install/plugins/fix_replica_memberof.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ipaserver/install/plugins/fix_replica_memberof.py b/ipaserver/install/plugins/fix_replica_memberof.py
index 04152d36021f7d962b335a7553861a13ba03a769..8dd3ed8b406e70cce55e7c338cdc0c5cdcfb4866 100644
--- a/ipaserver/install/plugins/fix_replica_memberof.py
+++ b/ipaserver/install/plugins/fix_replica_memberof.py
@@ -39,6 +39,10 @@ def execute(self, **options):
'krbloginfailedcount')
excludes = ('memberof', ) + totalexcludes
+ if os.geteuid() != 0:
+ self.log.warning("Updating replica memberof needs root privileges")
+ return False, False, [] # No restart, no apply now, no updates
+
# We need an IPAdmin connection to the backend
conn = ipaldap.IPAdmin(api.env.host, ldapi=True, realm=api.env.realm)
conn.do_external_bind(pwd.getpwuid(os.geteuid()).pw_name)
--
1.7.10.2
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
