Remove default user for fingergw
We're presuming, by default, that a user named "zuul" exists, which is not the case in some environments. Change the default to avoid dropping privileges, and require that this be explicitly set in order to do so. Change-Id: Ia677d2615dd9292a809df4c8859a60b7f4df6243
This commit is contained in:
parent
9019158139
commit
27f872fb56
|
@ -845,11 +845,12 @@ sections of ``zuul.conf`` are used by the finger gateway:
|
|||
the default value is highly recommended.
|
||||
|
||||
.. attr:: user
|
||||
:default: zuul
|
||||
|
||||
User ID for the zuul-fingergw process. In normal operation as a
|
||||
daemon, the finger gateway should be started as the ``root`` user, but
|
||||
it will drop privileges to this user during startup.
|
||||
daemon, the finger gateway should be started as the ``root``
|
||||
user, but if this option is set, it will drop privileges to this
|
||||
user during startup. It is recommended to set this option to an
|
||||
unprivileged user.
|
||||
|
||||
Operation
|
||||
~~~~~~~~~
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
upgrade:
|
||||
- The ``user`` value in the ``[fingergw]`` configuration section
|
||||
previously defaulted to ``zuul``, but now is unset by default,
|
||||
which will cause fingergw not to drop privileges. It is
|
||||
recommended that this value be explicitly set to an unprivileged
|
||||
user.
|
|
@ -63,7 +63,7 @@ class FingerGatewayApp(zuul.cmd.ZuulDaemonApp):
|
|||
# Get values from configuration file
|
||||
host = get_default(self.config, 'fingergw', 'listen_address', '::')
|
||||
port = int(get_default(self.config, 'fingergw', 'port', 79))
|
||||
user = get_default(self.config, 'fingergw', 'user', 'zuul')
|
||||
user = get_default(self.config, 'fingergw', 'user', None)
|
||||
cmdsock = get_default(
|
||||
self.config, 'fingergw', 'command_socket',
|
||||
'/var/lib/zuul/%s.socket' % self.app_name)
|
||||
|
|
Loading…
Reference in New Issue