Service user in the manual

Hey,

while I was reading manual today, I noticed this part:

http://theforeman.org/manuals/1.3/index.html#4.3.7SSL

It recommends to do:

[main]
privatekeydir = $ssldir/private_keys { group = service }
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }

But on RHEL (and Fedora?) there is no "service" group installed. At
least on my clean system with Foreman installed. I would expect "puppet"
group there.

Opinions?

··· -- Later,

Lukas “lzap” Zapletal
irc: lzap #theforeman

It's not meant to be a real group. This is the correct syntax, but yes,
we all think it's weird :slight_smile:

Greg

··· On 16 January 2014 20:22, Lukas Zapletal wrote:

Hey,

while I was reading manual today, I noticed this part:

Foreman :: Manual

It recommends to do:

[main]
privatekeydir = $ssldir/private_keys { group = service }
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }

But on RHEL (and Fedora?) there is no “service” group installed. At
least on my clean system with Foreman installed. I would expect "puppet"
group there.

Opinions?

We've had so many questions about it, I added a note explaining it in a
later section. Please feel free to copy it into 4.3.7 too :slight_smile:

Note, this is now the default file mode in Puppet 3.5.

··· On 16/01/14 21:19, Greg Sutcliffe wrote: > On 16 January 2014 20:22, Lukas Zapletal > wrote: > > Hey, > > while I was reading manual today, I noticed this part: > > http://theforeman.org/manuals/1.3/index.html#4.3.7SSL > > It recommends to do: > > [main] > privatekeydir = $ssldir/private_keys { group = service } > hostprivkey = $privatekeydir/$certname.pem { mode = 640 } > > But on RHEL (and Fedora?) there is no "service" group installed. At > least on my clean system with Foreman installed. I would expect "puppet" > group there. > > Opinions? > > > It's not meant to be a real group. This *is* the correct syntax, but > yes, we all think it's weird :)


Dominic Cleal
Red Hat Engineering