On 11/05/2013 06:49 PM, Robert Blair wrote:
> We hit a small issue regarding yum, SELinux and xrootd. SELinux is
> unhappy for two reasons:
>
> 1) the xrootd account has a uid>500 and a directory and files in /etc
> 2) the xrootd account has a real shell as its login shell rather than
> the usual /sbin/nologin for most such service accounts
>
> I gather that the xrootd team suggests just turning SELinux off. This
> is nice, but if the above two conditions are unnecessary it might be
> better still to just fix them. Are there good reasons for the above?

The RPMs from xrootd.org (which nowadays should be the same as EPEL) should
have all of the above the way you are asking for?

rpm -qp --scripts http://xrootd.org/binaries/stable/slc/6/x86_64/xrootd-3.3.4-1.slc6.x86_64.rpm
[..]
getent group xrootd >/dev/null || groupadd -r xrootd
getent passwd xrootd >/dev/null || \
  useradd -r -g xrootd -c "XRootD runtime user" \
  -s /sbin/nologin -d /var/spool/xrootd xrootd

* "useradd -r": gives a system account=UID lower than the value of UID_MIN
* shell is /sbin/nologin ?

cheers
jan
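
The two properties discussed in this message (UID below UID_MIN, non-login shell) can be checked on an installed host with a small audit script. This is an added example, not part of the original message or of the xrootd packaging; the function names, the sample UIDs and the /etc/xrootd home directory in the sample data are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example, not from the xrootd RPM. Sample files are constructed.

# Print UID_MIN from a login.defs-style file (assumed fallback: 1000 if unset).
uid_min() {
    awk '$1 == "UID_MIN" { v = $2 } END { print (v == "" ? 1000 : v) }' "$1"
}

# audit_account NAME PASSWD_FILE LOGIN_DEFS
# Prints "OK" or one finding per line. Returns 0 = ok, 1 = findings, 2 = missing.
audit_account() {
    name=$1; passwd=$2; defs=$3
    min=$(uid_min "$defs")
    entry=$(awk -F: -v n="$name" '$1 == n { print; exit }' "$passwd")
    if [ -z "$entry" ]; then
        echo "MISSING: no passwd entry for $name"
        return 2
    fi
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    rc=0
    if [ "$uid" -ge "$min" ]; then
        echo "UID: $name has uid $uid >= UID_MIN $min (not a system account)"
        rc=1
    fi
    case $shell in
        /sbin/nologin|/usr/sbin/nologin|/bin/false) ;;
        *) echo "SHELL: $name has login shell '$shell'"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Constructed samples: an account as the scriptlet would create it, and one
# matching the two complaints in the quoted message.
write_samples() {
    printf 'UID_MIN 500\nUID_MAX 60000\n' > "$1/login.defs"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'xrootd:x:496:494:XRootD runtime user:/var/spool/xrootd:/sbin/nologin' \
        > "$1/passwd.good"
    printf '%s\n' 'xrootd:x:501:501:XRootD runtime user:/etc/xrootd:/bin/bash' \
        > "$1/passwd.bad"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_account xrootd "$tmp/passwd.good" "$tmp/login.defs" || true
audit_account xrootd "$tmp/passwd.bad" "$tmp/login.defs" || true
rm -rf "$tmp"
```

On a live host, save the output of `getent passwd` to a file and pass it together with /etc/login.defs in place of the sample files.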