FS#49242 - [gssproxy] gssproxy.service fails to start when user apache does not exist

Attached to Project: Arch Linux
Opened by Leonid Isaev (lisaev) - Saturday, 07 May 2016, 01:29 GMT
Last edited by Andreas Radke (AndyRTR) - Tuesday, 10 May 2016, 20:19 GMT
Task Type Bug Report
Category Packages: Testing
Status Closed
Assigned To Andreas Radke (AndyRTR)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

testing/gssproxy 0.5.0-2 introduced /etc/gssproxy/80-httpd.conf that contains "euid = apache". If there is no such user, gssproxy fails to start:
----------
$ grep -m 2 gssproxy /var/log/errors.log
2016-05-05T13:37:54.000-06:00 takahe gssproxy: Option 'euid' is missing from [service/HTTP].
2016-05-05T13:37:54.000-06:00 takahe gssproxy: Error reading configuration 22: Invalid argument
----------
and the service fails to start.

Note that gssproxy.service is wanted by nfs-server:
----------
$ systemctl show nfs-server.service | grep Wants
Wants=... auth-rpcgss-module.service ...
$ systemctl show auth-rpcgss-module.service | grep Wants
Wants=gssproxy.service ...
----------

I understand that this is essentially a question about default config, but its still annoying... Is it possible to comment out the entire 80-httpd.conf? I don't know which package installs the apache user...

Thanks!
This task depends upon

Closed by  Andreas Radke (AndyRTR)
Tuesday, 10 May 2016, 20:19 GMT
Reason for closing:  Fixed
Additional comments about closing:  0.5.0-3
fixed by using http user in the conf file
Comment by Andreas Radke (AndyRTR) - Saturday, 07 May 2016, 07:20 GMT
We just ship plain upstream configuration. Feel free to comment out all in /etc/gssproxy/80-httpd.conf.

User that run apache and don't wand nfs will have to do the same the other way round.

The other possible way would be to ship the files as *.conf.example files but this would not allow to track them via pacman .pacnew
and backup option.
Comment by Andreas Radke (AndyRTR) - Saturday, 07 May 2016, 13:45 GMT
https://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database

Because we have no pkg with apache user I guess we can change "apache" user simply to "http" user. Works well here.
If you've never installed any webserver package on your system it should be fine to fully comment out 80-httpd.conf.
Comment by Leonid Isaev (lisaev) - Saturday, 07 May 2016, 20:59 GMT
Yes, putting euid = http or euid = 33 works because it is in passwd. But why not indeed just ship *.conf.example files? It seems that gssproxy decided to use udev style configs, but those should go to /usr/lib/gssproxy.d or smth. Then in /etc/ a user could mask them.

I guess either way is OK as long as an update wouldn't break existing machines. Thx again for a quick response!

Loading...