|
From 8db2df4fcbd09badafbc207bd4150b5f1cc2d5fb Mon Sep 17 00:00:00 2001
|
||
|
From: Alexey Tikhonov <atikhono@redhat.com>
|
||
|
Date: Thu, 24 Oct 2024 15:34:26 +0200
|
||
|
Subject: [PATCH] Configuration: make sure /etc/sssd and everything
|
||
|
MIME-Version: 1.0
|
||
|
Content-Type: text/plain; charset=UTF-8
|
||
|
Content-Transfer-Encoding: 8bit
|
||
|
|
||
|
beneath is owned by 'sssd' group and readable by group.
|
||
|
|
||
|
This should allow for reasonable rw-r----- root:sssd
|
||
|
|
||
|
At some point those chown/chmod calls can be removed.
|
||
|
|
||
|
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
|
||
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
||
|
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
||
|
(cherry picked from commit 518db322fdd5a4de41813fbe5bc35fc20392ce67)
|
||
|
---
|
||
|
contrib/sssd.spec.in | 4 ++--
|
||
|
src/sysv/systemd/sssd-kcm.service.in | 5 ++---
|
||
|
src/sysv/systemd/sssd.service.in | 6 ++----
|
||
|
3 files changed, 6 insertions(+), 9 deletions(-)
|
||
|
|
||
|
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
|
||
|
index 4fbacb959..83de563f3 100644
|
||
|
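--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -1136,9 +1136,9 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d /run/sssd -s /sbin/nologi
 %__rm -f %{mcpath}/group
 %__rm -f %{mcpath}/initgroups
 %__rm -f %{mcpath}/sid
+%__chown -f -R root:%{sssd_user} %{_sysconfdir}/sssd || true
+%__chmod -f -R g+r %{_sysconfdir}/sssd || true
 %__chown -f %{sssd_user}:%{sssd_user} %{dbpath}/* || true
-%__chown -f %{sssd_user}:%{sssd_user} %{_sysconfdir}/sssd/sssd.conf || true
-%__chown -f -R %{sssd_user}:%{sssd_user} %{_sysconfdir}/sssd/conf.d || true
 %__chown -f %{sssd_user}:%{sssd_user} %{_var}/log/%{name}/*.log || true
 %__chown -f %{sssd_user}:%{sssd_user} %{secdbpath}/*.ldb || true
 %__chown -f %{sssd_user}:%{sssd_user} %{gpocachepath}/* || true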
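Review bot: The added `%__chmod -f -R g+r` only adds group read, so it neither grants the sssd group search permission on directories beneath %{_sysconfdir}/sssd nor clears any existing world-readable or group-writable bits, and the `rw-r----- root:sssd` target named in the commit message is not actually enforced. After the chown to `root:%{sssd_user}` the service account reaches these files only through its group, so a subdirectory left at 0700 would become listable but not traversable for it; the existing modes are not visible here, so this needs checking on an upgraded host. Consider `%__chmod -f -R g+rX,o-rwx %{_sysconfdir}/sssd || true` if nothing outside the sssd group needs the tree, or at least `g+rX`. The same `chmod -f -R g+r` appears in the `ExecStartPre=` lines added to sssd-kcm.service.in and sssd.service.in. The scriptlet these lines belong to starts outside the hunk.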
diff --git a/src/sysv/systemd/sssd-kcm.service.in b/src/sysv/systemd/sssd-kcm.service.in
|
||
|
index 0c839ec5c..ba9e27cd9 100644
|
||
|
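--- a/src/sysv/systemd/sssd-kcm.service.in
+++ b/src/sysv/systemd/sssd-kcm.service.in
@@ -9,9 +9,8 @@ Also=sssd-kcm.socket
 
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
-ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @sssdconfdir@
-ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/sssd.conf
-ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/conf.d
+ExecStartPre=+-/bin/chown -f -R root:@SSSD_USER@ @sssdconfdir@
+ExecStartPre=+-/bin/chmod -f -R g+r @sssdconfdir@
 ExecStartPre=+-/bin/sh -c "/bin/chown -f @SSSD_USER@:@SSSD_USER@ @secdbpath@/*.ldb"
 ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_kcm.log
 ExecStart=@libexecdir@/sssd/sssd_kcm ${DEBUG_LOGGER}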
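Review bot: The new `chown -f -R root:@SSSD_USER@ @sssdconfdir@` makes every start of sssd-kcm rewrite ownership and mode across the whole configuration tree, including `pki` and anything else beneath it, whereas the three removed lines touched only the directory itself, `sssd.conf` and `conf.d`. Both added lines carry the `+-` prefixes, so they run with full privileges and a failure is ignored; whether sssd_kcm re-checks ownership before reading its configuration is not visible in this hunk. If KCM only needs `sssd.conf` and `conf.d`, limiting this unit to those paths and leaving the full-tree pass to sssd.service would keep its privileged footprint no larger than before. The `[Service]` section continues past the hunk.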
diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in
|
||
|
index 37e0a63f8..a6f79ff8a 100644
|
||
|
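--- a/src/sysv/systemd/sssd.service.in
+++ b/src/sysv/systemd/sssd.service.in
@@ -10,10 +10,8 @@ StartLimitBurst=5
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
-ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @sssdconfdir@
-ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/sssd.conf
-ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/conf.d
-ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/pki
+ExecStartPre=+-/bin/chown -f -R root:@SSSD_USER@ @sssdconfdir@
+ExecStartPre=+-/bin/chmod -f -R g+r @sssdconfdir@
 ExecStartPre=+-/bin/sh -c "/bin/chown -f @SSSD_USER@:@SSSD_USER@ @dbpath@/*.ldb"
 ExecStartPre=+-/bin/sh -c "/bin/chown -f @SSSD_USER@:@SSSD_USER@ @gpocachepath@/*"
 ExecStartPre=+-/bin/sh -c "/bin/chown -f @SSSD_USER@:@SSSD_USER@ @logpath@/*.log"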
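Review bot: Nothing in the unit marks the two added `ExecStartPre=` lines as a migration step, although the commit message says the chown/chmod can be removed at some point. A full-line comment above them would keep that intent next to the code, for example `# Transitional: hand @sssdconfdir@ to root:@SSSD_USER@ and make it group-readable on upgraded hosts; remove together with the copies in sssd-kcm.service.in and contrib/sssd.spec.in`. Without it, a later reader sees a privileged recursive ownership rewrite on every start and cannot tell whether it is still required. The `[Service]` section continues past the hunk.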
--
|
||
|
2.47.0
|
||
|
|