On Thu, Mar 19, 2015 at 12:25:52PM +0100, Pierre-Yves Chibon wrote: > On Thu, Mar 19, 2015 at 10:44:32AM +0100, Adrian Reber wrote: > > Right now the MM2 backend and MM2 crawler cronjobs in staging are all > > running as root. This seems unnecessary and I would like to change it to > > the user mirrormanager (like it is on the mirrorlist server). > > > > The mirrorlist has in the systemd service the user and group > > mirrormanager mentioned. I would like to create this user in the RPM for > > the mirrorlist, backend and crawler sub-package and also change the cron > > definitions. > > > > It would also be possible to create the user in ansible. What would > > make more sense? Ansible sound easier but for me it would make more > > sense in the RPM. > > The RPM sounds like the better place for me. I will adapt the specfile and submit a pull request. > Would this user be able to read the MM2 configuration file though? Because we do > not want to make the file world readable while the crons need it otherwise they > won't be able to query the DB. If the file is 640 and root:mirrormanager the crons can read the file but nobody else. Adrian
Attachment:
pgpV9pbMlXc5V.pgp
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
