 |
 |
Hi Robert, The decisions are arbitrary. You can give the xrootd user whatever uid you want (other than 0). If you don't plan to login using the "xrootd" user then a nologin shell is just fine (mind you that means using "root" to handle core and likely log files). The current setup appeals to the majority of users. Andy -----Original Message----- From: Robert Blair Sent: Tuesday, November 05, 2013 9:49 AM To: [log in to unmask] Subject: xrootd account -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We hit a small issue regarding yum, selinux and xrootd. Selinux is unhappy for two reasons: 1) the xrootd account has a uid>500 and a directory and files in /etc 2) the xrootd account has a real shell as its login shell rather than the usual /sbin/nologin for most such service accounts I gather that the xrootd team suggests just turning SElinux off. This is nice, but if the above two conditions are unnecessary it might be better still to just fix them. Are there good reasons for the above? Thanks in advance for a reply, Bob Blair -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBAgAGBQJSeS+3AAoJEPQM1KNWz8QadFQH/2qnuKyv+lqdxTC+6OR7PiwZ Pyov+qwNzDTZS79HIFmWC9MXQOY5ZjICh87Z9nihBrviPt7Pq73vV2MW7cn2nY8L jkt83pkaAoBCUx3eUwqQ4gQhlMx0mcGnSDlOyDg3kNk8T6/wscBcw7zB5Fxcyg7x Ni+LTCMvwzL+YYlff7p6+pzLA3X1PFvX2pJAar3w05DvuMYBO/QKjg+ejBHeIwDS RoesOIKYkxf/NxaBSWplFQnvkMntIcDFnqdWYUFMyNtp4x2yETv0n8Pz6DKmIV+r uXSdkafXuoHROfFfb5/upZOXU1ddDaYSzOHVz8cxV7XnuBrHmfMnSj1W4f3XTpI= =xef9 -----END PGP SIGNATURE----- ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1