Browse Source

Merge "Remove default user for fingergw"

tags/3.7.0
Zuul 2 months ago
parent
commit
2f53cc216a

+ 4
- 3
doc/source/admin/components.rst View File

@@ -845,11 +845,12 @@ sections of ``zuul.conf`` are used by the finger gateway:
845 845
       the default value is highly recommended.
846 846
 
847 847
    .. attr:: user
848
-      :default: zuul
849 848
 
850 849
       User ID for the zuul-fingergw process. In normal operation as a
851
-      daemon, the finger gateway should be started as the ``root`` user, but
852
-      it will drop privileges to this user during startup.
850
+      daemon, the finger gateway should be started as the ``root``
851
+      user, but if this option is set, it will drop privileges to this
852
+      user during startup.  It is recommended to set this option to an
853
+      unprivileged user.
853 854
 
854 855
 Operation
855 856
 ~~~~~~~~~

+ 7
- 0
releasenotes/notes/fingergw-user-f4edf5d300d78f56.yaml View File

@@ -0,0 +1,7 @@
1
+---
2
+upgrade:
3
+  - The ``user`` value in the ``[fingergw]`` configuration section
4
+    previously defaulted to ``zuul``, but now is unset by default,
5
+    which will cause fingergw not to drop privileges.  It is
6
+    recommended that this value be explicitly set to an unprivileged
7
+    user.

+ 1
- 1
zuul/cmd/fingergw.py View File

@@ -63,7 +63,7 @@ class FingerGatewayApp(zuul.cmd.ZuulDaemonApp):
63 63
         # Get values from configuration file
64 64
         host = get_default(self.config, 'fingergw', 'listen_address', '::')
65 65
         port = int(get_default(self.config, 'fingergw', 'port', 79))
66
-        user = get_default(self.config, 'fingergw', 'user', 'zuul')
66
+        user = get_default(self.config, 'fingergw', 'user', None)
67 67
         cmdsock = get_default(
68 68
             self.config, 'fingergw', 'command_socket',
69 69
             '/var/lib/zuul/%s.socket' % self.app_name)

Loading…
Cancel
Save