Merge "Remove default user for fingergw"

This commit is contained in:
Zuul 2019-03-12 01:16:09 +00:00 committed by Gerrit Code Review
commit 2f53cc216a
3 changed files with 12 additions and 4 deletions

View File

@ -845,11 +845,12 @@ sections of ``zuul.conf`` are used by the finger gateway:
the default value is highly recommended.
.. attr:: user
:default: zuul
User ID for the zuul-fingergw process. In normal operation as a
daemon, the finger gateway should be started as the ``root`` user, but
it will drop privileges to this user during startup.
daemon, the finger gateway should be started as the ``root``
user, but if this option is set, it will drop privileges to this
user during startup. It is recommended to set this option to an
unprivileged user.
Operation
~~~~~~~~~

View File

@ -0,0 +1,7 @@
---
upgrade:
- The ``user`` value in the ``[fingergw]`` configuration section
previously defaulted to ``zuul``, but now is unset by default,
which will cause fingergw not to drop privileges. It is
recommended that this value be explicitly set to an unprivileged
user.

View File

@ -63,7 +63,7 @@ class FingerGatewayApp(zuul.cmd.ZuulDaemonApp):
# Get values from configuration file
host = get_default(self.config, 'fingergw', 'listen_address', '::')
port = int(get_default(self.config, 'fingergw', 'port', 79))
user = get_default(self.config, 'fingergw', 'user', 'zuul')
user = get_default(self.config, 'fingergw', 'user', None)
cmdsock = get_default(
self.config, 'fingergw', 'command_socket',
'/var/lib/zuul/%s.socket' % self.app_name)