Hi Robert,
yes, Jan is right. EPEL and xrootd.org RPMs both have what you ask for.
Cheers,
Lukasz
On 06.11.2013 06:49, Jan Iven wrote:
> On 11/05/2013 06:49 PM, Robert Blair wrote:
>> We hit a small issue regarding yum, selinux and xrootd. Selinux is
>> unhappy for two reasons:
>>
>> 1) the xrootd account has a uid>500 and a directory and files in /etc
>> 2) the xrootd account has a real shell as its login shell rather than
>> the usual /sbin/nologin for most such service accounts
>>
>> I gather that the xrootd team suggests just turning SElinux off. This
>> is nice, but if the above two conditions are unnecessary it might be
>> better still to just fix them. Are there good reasons for the above?
>
> The RPMs from xrootd.org (which nowadays should be same as EPEL) should
> have all of the above the way you are asking for?
> rpm -qp --scripts
> http://xrootd.org/binaries/stable/slc/6/x86_64/xrootd-3.3.4-1.slc6.x86_64.rpm
> [..]
> getent group xrootd >/dev/null || groupadd -r xrootd
> getent passwd xrootd >/dev/null || \
> useradd -r -g xrootd -c "XRootD runtime user" \
> -s /sbin/nologin -d /var/spool/xrootd xrootd
>
>
> * "useradd -r": gives a system account=UID lower than the value of UID_MIN
> * shell is /sbin/nologin
> ?
> cheers
> jan
>
> ########################################################################
> Use REPLY-ALL to reply to list
>
> To unsubscribe from the XROOTD-L list, click the following link:
> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
>
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
