Bug 538525

Summary: Ability to create instance as non-root user
Product: [Retired] 389 Reporter: Endi Sukma Dewata <edewata>
Component: Install/UninstallAssignee: Nathan Kinder <nkinder>
Status: CLOSED CURRENTRELEASE QA Contact: Viktor Ashirov <vashirov>
Severity: high Docs Contact:
Priority: high    
Version: 1.3.0CC: amsharma, nhosoi, nkinder, rmeggins
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-07 16:52:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 543590    
Attachments:
Description Flags
0001-Bug-538525-Ability-to-create-instance-as-non-root-us.patch rmeggins: review+

Description Endi Sukma Dewata 2009-11-18 18:36:41 UTC 
Currently to create a DS instance the setup-ds.pl has to be run as root user because it writes to system folders such as /etc/sysconfig/dirsrv-xxx. However, in some cases such as the automated testing in Samba build farm the DS instance needs to be created as a non-root user. To solve this problem any system folders used by the script need to be made configurable, e.g. via command line parameters.

Note: Samba testing will still work using the root user.

To reproduce the problem, create a .inf file similar to the following:

[General]
SuiteSpotUserID = build
FullMachineName=   localdc1.samba.example.com
ServerRoot=   /home/build/Samba/samba/source4/st/dc/private/ldap

[slapd]
ldapifilepath=/home/build/Samba/samba/source4/st/dc/private/ldap/ldapi
Suffix= DC=samba,DC=example,DC=com
RootDN= CN=Manager,DC=samba,DC=example,DC=com
RootDNPwd= Secret123
ServerIdentifier= samba4

inst_dir= /home/build/Samba/samba/source4/st/dc/private/ldap/slapd-samba4
config_dir= /home/build/Samba/samba/source4/st/dc/private/ldap/slapd-samba4
schema_dir= /home/build/Samba/samba/source4/st/dc/private/ldap/slapd-samba4/schema
lock_dir= /home/build/Samba/samba/source4/st/dc/private/ldap/slapd-samba4/lock
log_dir= /home/build/Samba/samba/source4/st/dc/private/ldap/slapd-samba4/logs
run_dir= /home/build/Samba/samba/source4/st/dc/private/ldap/slapd-samba4/logs
db_dir= /home/build/Samba/samba/source4/st/dc/private/ldap/slapd-samba4/db
bak_dir= /home/build/Samba/samba/source4/st/dc/private/ldap/slapd-samba4/bak
tmp_dir= /home/build/Samba/samba/source4/st/dc/private/ldap/slapd-samba4/tmp
ldif_dir= /home/build/Samba/samba/source4/st/dc/private/ldap/slapd-samba4/ldif
cert_dir= /home/build/Samba/samba/source4/st/dc/private/ldap/slapd-samba4

Make sure all paths point to user folders. Then as a non-root user execute the following command:

setup-ds.pl --file=samba4.inf --silent

The command will fail with the following message:
  
Could not open the script template file '/etc/sysconfig/dirsrv-samba4'.  Error: Permission denied
Error: Could not create directory server instance 'samba4'.
Exiting . . .
Log file is '/tmp/setuphaOALE.log'

When the additional parameter is specified, the command should work and the file should be stored in the specified location instead of /etc/sysconfig/dirsrv-xxx.
Comment 1 Endi Sukma Dewata 2009-11-21 05:01:00 UTC 
This bug will also cause a problem when you create 2 different instances using the same instance name eventhough they are located in separate directories. The configuration file (/etc/sysconfig/dirsrv-xxx) of the first instance will be overwritten by the second one.
Comment 2 Endi Sukma Dewata 2010-03-09 17:34:34 UTC 
Created attachment 398875 [details]
0001-Bug-538525-Ability-to-create-instance-as-non-root-us.patch

Proposed patch.
Comment 3 Rich Megginson 2010-03-11 16:00:34 UTC 
To ssh://git.fedorahosted.org/git/389/ds.git
   2db1f5a..7701c56  master -> master

commit 7701c5626647ddfa44e4f4b11a11d3c384beffa7
Author: Endi S. Dewata <edewata>
Date:   Tue Mar 9 10:56:34 2010 -0600
Comment 4 Amita Sharma 2011-05-25 10:57:05 UTC 
Please add the verification steps, thanks.
Comment 5 Rich Megginson 2011-05-26 13:27:56 UTC 
(In reply to comment #4)
> Please add the verification steps, thanks.

Yes.  Run setup-ds.pl -u -s -f file.inf where file.inf is  similar to the one in comment #0, while logged in as a non-root user. It should create  the server, and you should have an instance config file in ~/.dirsrv/dirsrv-instname
Comment 10 Amita Sharma 2011-05-30 07:21:16 UTC 
[amsharma@testvm data]$ setup-ds.pl --file=samba4.inf --silent
restorecon:  unable to read directory /var/lock/dirsrv/slapd-testvm
restorecon:  unable to read directory /var/log/dirsrv/slapd-testvm
restorecon:  unable to read directory /var/log/dirsrv/admin-serv
restorecon:  unable to read directory /var/run/dirsrv
restorecon:  unable to read directory /var/lib/dirsrv/slapd-testvm
Your new DS instance 'samba4' was successfully created.
Exiting . . .
Log file is '/tmp/setupQ8X10E.log'