On 11/05/2013 06:49 PM, Robert Blair wrote:
> We hit a small issue regarding yum, selinux and xrootd.  Selinux is
> unhappy for two reasons:
> 
> 1) the xrootd account has a uid>500 and a directory and files in /etc
> 2) the xrootd account has a real shell as its login shell rather than
> the usual /sbin/nologin for most such service accounts
> 
> I gather that the xrootd team suggests just turning SElinux off.  This
> is nice, but if the above two conditions are unnecessary it might be
> better still to just fix them.  Are there good reasons for the above?

The RPMs from xrootd.org (which nowadays should be the same as EPEL) should
have all of the above the way you are asking for?

rpm -qp --scripts http://xrootd.org/binaries/stable/slc/6/x86_64/xrootd-3.3.4-1.slc6.x86_64.rpm
[..]
getent group xrootd >/dev/null || groupadd -r xrootd
getent passwd xrootd >/dev/null || \
       useradd -r -g xrootd -c "XRootD runtime user" \
       -s /sbin/nologin -d /var/spool/xrootd xrootd


* "useradd -r": gives a system account, i.e. a UID lower than the value of UID_MIN
* shell is /sbin/nologin
?
cheers
jan
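
The two properties discussed in this thread (UID below UID_MIN, /sbin/nologin as shell) plus the home-under-/etc complaint can be checked mechanically. The script below is an added example, not part of the original message or the xrootd packaging; the function names, the sample login.defs fragment and both passwd lines are constructed, and accepting /usr/sbin/nologin alongside /sbin/nologin is an assumption.

```shell
#!/bin/sh
# Added example: audit a passwd(5) entry for the properties discussed above.
# All sample data below is constructed, not taken from a real host.

# Print UID_MIN from login.defs-formatted text on stdin (empty if not set).
uid_min_from_defs() {
    awk '$1 == "UID_MIN" { v = $2 } END { print v }'
}

# check_service_account <passwd-line> <uid_min>
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
check_service_account() {
    entry=$1 uid_min=$2 rc=0
    # passwd(5) fields: name:password:UID:GID:GECOS:home:shell
    IFS=: read -r name _pw uid _gid _gecos home shell <<EOF
$entry
EOF
    case $uid in
        ''|*[!0-9]*) echo "$name: malformed UID field"; return 1 ;;
    esac
    if [ "$uid" -ge "$uid_min" ]; then
        echo "$name: UID $uid is not below UID_MIN $uid_min (not a system account)"
        rc=1
    fi
    case $shell in
        /sbin/nologin|/usr/sbin/nologin) ;;   # assumption: both paths accepted
        *) echo "$name: login shell is '$shell', expected nologin"; rc=1 ;;
    esac
    case $home in
        /etc|/etc/*) echo "$name: home directory $home is under /etc"; rc=1 ;;
    esac
    return $rc
}

# Constructed inputs: an SLC6-style login.defs fragment and two passwd lines.
SAMPLE_DEFS='UID_MIN 500
UID_MAX 60000'
GOOD='xrootd:x:496:493:XRootD runtime user:/var/spool/xrootd:/sbin/nologin'
BAD='xrootd:x:501:501::/etc/xrootd:/bin/bash'

min=$(printf '%s\n' "$SAMPLE_DEFS" | uid_min_from_defs)
for line in "$GOOD" "$BAD"; do
    if check_service_account "$line" "$min"; then echo "ok: ${line%%:*}"; fi
done
```

On a live host the same check is `check_service_account "$(getent passwd xrootd)" "$(uid_min_from_defs < /etc/login.defs)"`.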
