Create home directory for default PKI user

The RPM spec has been modified to create a home directory for the default PKI user if it does not exist. The home directory can be used to store files that should be owned/accessible by PKI user (e.g. SoftHSM tokens, systemd user services) so they cannot be stored in root user's home directory. #4501
dogtagpki · Jun 4, 2024 · e41fb0d · e41fb0d
1 parent db7c5a7
commit e41fb0d
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/pki.spec b/pki.spec
@@ -135,7 +135,7 @@ ExcludeArch: i686
 %define pki_uid 17
 %define pki_groupname pkiuser
 %define pki_gid 17
-%define pki_homedir /usr/share/pki
+%define pki_homedir /home/%{pki_username}
 
 %global saveFileContext() \
 if [ -s /etc/selinux/config ]; then \
@@ -1115,10 +1115,23 @@ pkgs=base\
 %if %{with server}
 
 %pre -n %{product_id}-server
+
+# create PKI group if it doesn't exist
 getent group %{pki_groupname} >/dev/null || groupadd -f -g %{pki_gid} -r %{pki_groupname}
+
+# create PKI user if it doesn't exist
 if ! getent passwd %{pki_username} >/dev/null ; then
     useradd -r -u %{pki_uid} -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username}
 fi
+
+# create PKI home directory if it doesn't exist
+if [ ! -d %{pki_homedir} ] ; then
+    cp -ar /etc/skel %{pki_homedir}
+    chown -R %{pki_username}:%{pki_groupname} %{pki_homedir}
+    chmod 700 %{pki_homedir}
+    usermod -d %{pki_homedir} %{pki_username}
+fi
+
 exit 0
 
 # with server