authorZuul <zuul@review.openstack.org>2019-03-12 01:16:09 +0000
committerGerrit Code Review <review@openstack.org>2019-03-12 01:16:09 +0000
commit2f53cc216ae445c455fc80fae0162294ae4abe5f (patch)
tree1f880cb5f28ca323527286afe5be845eff596112
parent176a569691697df75951fb3ff15a279625d07ef6 (diff)
parent27f872fb56d3c2859ae29e252b08d8076a630ed3 (diff)
Merge "Remove default user for fingergw"
-rw-r--r--doc/source/admin/components.rst7
-rw-r--r--releasenotes/notes/fingergw-user-f4edf5d300d78f56.yaml7
-rw-r--r--zuul/cmd/fingergw.py2
3 files changed, 12 insertions, 4 deletions
diff --git a/doc/source/admin/components.rst b/doc/source/admin/components.rst
index 1a7320e..75d59bc 100644
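--- a/doc/source/admin/components.rst
+++ b/doc/source/admin/components.rst
@@ -845,11 +845,12 @@ sections of ``zuul.conf`` are used by the finger gateway:
  the default value is highly recommended.
 
  .. attr:: user
- :default: zuul
 
  User ID for the zuul-fingergw process. In normal operation as a
- daemon, the finger gateway should be started as the ``root`` user, but
- it will drop privileges to this user during startup.
+ daemon, the finger gateway should be started as the ``root``
+ user, but if this option is set, it will drop privileges to this
+ user during startup. It is recommended to set this option to an
+ unprivileged user.
 
 Operation
 ~~~~~~~~~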
diff --git a/releasenotes/notes/fingergw-user-f4edf5d300d78f56.yaml b/releasenotes/notes/fingergw-user-f4edf5d300d78f56.yaml
new file mode 100644
index 0000000..f4fc75e
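--- /dev/null
+++ b/releasenotes/notes/fingergw-user-f4edf5d300d78f56.yaml
@@ -0,0 +1,7 @@
+---
+upgrade:
+ - The ``user`` value in the ``[fingergw]`` configuration section
+ previously defaulted to ``zuul``, but now is unset by default,
+ which will cause fingergw not to drop privileges. It is
+ recommended that this value be explicitly set to an unprivileged
+ user.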
diff --git a/zuul/cmd/fingergw.py b/zuul/cmd/fingergw.py
index 920eed8..92aac71 100644
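--- a/zuul/cmd/fingergw.py
+++ b/zuul/cmd/fingergw.py
@@ -63,7 +63,7 @@ class FingerGatewayApp(zuul.cmd.ZuulDaemonApp):
  # Get values from configuration file
  host = get_default(self.config, 'fingergw', 'listen_address', '::')
  port = int(get_default(self.config, 'fingergw', 'port', 79))
- user = get_default(self.config, 'fingergw', 'user', 'zuul')
+ user = get_default(self.config, 'fingergw', 'user', None)
  cmdsock = get_default(
  self.config, 'fingergw', 'command_socket',
  '/var/lib/zuul/%s.socket' % self.app_name)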
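Review bot: With the default on the `user = get_default(self.config, 'fingergw', 'user', None)` line now `None`, a gateway started as root to bind the default port 79 and left unconfigured keeps root for its whole lifetime, and nothing visible in this hunk reports that at startup. The release note documents the change, but an upgraded deployment that relied on the old `zuul` default loses its privilege drop silently. I would add a startup warning right after the lookup, for example `if user is None and os.geteuid() == 0:` followed by a warning log such as `"fingergw is running as root; set [fingergw] user to drop privileges"`, using whatever logger the class already has. A short comment on the lookup, `# None disables the privilege drop; operators should set an unprivileged user`, would also help the next reader. The enclosing method starts and ends outside the hunk, so whether `os` is imported and how `user` is consumed further down should be confirmed against the full file.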