I'm trying to override the default nature of certmonger by running it as a non-root user. I have not seen an easy way to do this, but I've been able to successfully get it up and running. I'm having issues, though, running post-save commands, which won't execute unless I leave this as root user. The errors I'm seeing in journalctl are:

Oct 27 08:19:14 certmonger[12719]: 2017-10-27 08:19:14 [19676] Error on initgroups(root,0): Operation not permitted, continuing and running "update_jks.sh " anyway.
Oct 27 08:19:14 certmonger[12719]: 2017-10-27 08:19:14 [19676] Error on setregid(0,0,0): Operation not permitted, not running "update_jks.sh".
Oct 27 08:19:14 certmonger[12719]: Null message body; hope that's ok

I've set the group as root and got a different second attempt:

Error on setreuid(0,0,0): ...

Am I overthinking this? Is there an easier way to do it?
OS is RHEL 7.
Thanks!
Sorry for such a late response. You can try setting pre_certsave_uid and/or post_certsave_uid in your request.
I don't see a way to set this on the cli but if you stop certmonger you can manually update the request file to try this out.
@rcritten It would sure be nice to run pre/post save commands by default with the user that certmonger is running with. On the other hand, I don't find where to set these (pre|post)_certsave_uid options. It seems to me like it would be useful to expose them as command line options for the request command.
They are set in the request itself, in /var/lib/certmonger/requests/<id>
e.g.
/var/lib/certmonger/requests/20170706143313:pre_certsave_uid=0
/var/lib/certmonger/requests/20170706143313:post_certsave_uid=0
Metadata Update from @rcritten: - Issue close_status updated to: worksforme - Issue status updated to: Closed (was: Open)
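
The manual edit described in the thread can be scripted as below. This is an added example, not part of the ticket and not certmonger's own tooling. It assumes the request file holds one `key=value` per line, as the grep output above suggests. The function name `set_hook_uid`, the uid `1001` and the line `example_other_key=unchanged` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not certmonger's own tooling): set the uid that a request's
# pre/post-save command runs as by editing the request file. As the thread
# advises, stop the daemon before editing (e.g. `systemctl stop certmonger`)
# and start it again afterwards.

# set_hook_uid FILE KEY UID
#   KEY is pre_certsave_uid or post_certsave_uid (the two keys named in the thread).
#   Replaces an existing KEY= line or appends one; all other lines are untouched.
set_hook_uid() {
    file=$1; key=$2; uid=$3
    case $key in
        pre_certsave_uid|post_certsave_uid) ;;
        *) echo "unsupported key: $key" >&2; return 2 ;;
    esac
    case $uid in
        ''|*[!0-9]*) echo "uid must be numeric: $uid" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such request file: $file" >&2; return 1; }
    tmp=$(mktemp "$file.XXXXXX") || return 1
    if awk -v k="$key" -v v="$uid" '
        index($0, k "=") == 1 { if (!done) print k "=" v; done = 1; next }
        { print }
        END { if (!done) print k "=" v }
    ' "$file" > "$tmp"; then
        # Write through the original inode so owner and mode are preserved.
        cat "$tmp" > "$file"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed request file (sample content, not a real request).
demo() {
    dir=$(mktemp -d) || return 1
    req=$dir/20170706143313
    printf '%s\n' 'example_other_key=unchanged' 'post_certsave_uid=0' > "$req"
    set_hook_uid "$req" post_certsave_uid 1001   # 1001: constructed non-root uid
    set_hook_uid "$req" pre_certsave_uid 1001
    cat "$req"
    rm -rf "$dir"
}
demo
```

Restricting the accepted keys and requiring a numeric uid keeps a typo from writing an unrelated or malformed line into the request file.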