Hi Robert, yes, Jan is right. EPEL and xrootd.org RPMs both have what you ask for. Cheers, Lukasz On 06.11.2013 06:49, Jan Iven wrote: > On 11/05/2013 06:49 PM, Robert Blair wrote: >> We hit a small issue regarding yum, selinux and xrootd. Selinux is >> unhappy for two reasons: >> >> 1) the xrootd account has a uid>500 and a directory and files in /etc >> 2) the xrootd account has a real shell as its login shell rather than >> the usual /sbin/nologin for most such service accounts >> >> I gather that the xrootd team suggests just turning SElinux off. This >> is nice, but if the above two conditions are unnecessary it might be >> better still to just fix them. Are there good reasons for the above? > > The RPMs from xrootd.org (which nowadays should be same as EPEL) should > have all of the above the way you are asking for? > rpm -qp --scripts > http://xrootd.org/binaries/stable/slc/6/x86_64/xrootd-3.3.4-1.slc6.x86_64.rpm > [..] > getent group xrootd >/dev/null || groupadd -r xrootd > getent passwd xrootd >/dev/null || \ > useradd -r -g xrootd -c "XRootD runtime user" \ > -s /sbin/nologin -d /var/spool/xrootd xrootd > > > * "useradd -r": gives a system account=UID lower than the value of UID_MIN > * shell is /sbin/nologin > ? > cheers > jan > > ######################################################################## > Use REPLY-ALL to reply to list > > To unsubscribe from the XROOTD-L list, click the following link: > https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 > ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1