authorMichal Zidek <mzidek@redhat.com>2014-10-09 17:21:30 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-10-22 15:44:28 +0200
commit0887c35bdb85adf0a4376dc8963294ea5a9d6da6 (patch)
tree40b0c10c3509a85a7cd15dc4f1a5b5aad4dc59bc
parent579e5d4b7a3ca161ea7518b2996905fa22c15995 (diff)
SYSDB: Allow calling chown on the sysdb file from monitor
Sysdb must be accessible to the nonroot sssd processes. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
-rw-r--r--src/db/sysdb.c21
-rw-r--r--src/db/sysdb.h9
-rw-r--r--src/monitor/monitor.c3
3 files changed, 32 insertions, 1 deletions
diff --git a/src/db/sysdb.c b/src/db/sysdb.c
index 8d6f00b52..1f02585e7 100644
--- a/src/db/sysdb.c
+++ b/src/db/sysdb.c
@@ -1322,6 +1322,16 @@ int sysdb_init(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domains,
bool allow_upgrade)
{
+ return sysdb_init_ext(mem_ctx, domains, allow_upgrade, false, 0, 0);
+}
+
+int sysdb_init_ext(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domains,
+ bool allow_upgrade,
+ bool chown_dbfile,
+ uid_t uid,
+ gid_t gid)
+{
struct sss_domain_info *dom;
struct sysdb_ctx *sysdb;
int ret;
@@ -1343,6 +1353,17 @@ int sysdb_init(TALLOC_CTX *mem_ctx,
return ret;
}
+ if (chown_dbfile) {
+ ret = chown(sysdb->ldb_file, uid, gid);
+ if (ret != 0) {
+ ret = errno;
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot set sysdb ownership to %"SPRIuid":%"SPRIgid"\n",
+ uid, gid);
+ return ret;
+ }
+ }
+
dom->sysdb = talloc_move(dom, &sysdb);
}
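Review bot: The failure branch inside the new `if (chown_dbfile)` block captures errno into ret but then logs only the target uid:gid, so an operator who sees the monitor refuse to start learns neither which file could not be re-owned nor why; log both, e.g. `"Cannot set ownership of %s to %"SPRIuid":%"SPRIgid": [%d][%s]\n", sysdb->ldb_file, uid, gid, ret, strerror(ret)`. Because chown() resolves symbolic links, the call implicitly relies on the database directory not being writable by anyone but root, otherwise ldb_file could point at a different file at the time of the call; a one-line comment stating that assumption would help, and if a descriptor for the already-opened database is reachable here, fchown() on it would remove the dependency on the path entirely. The body of sysdb_init_ext continues outside the hunk, so whether sysdb is released on this new early return cannot be confirmed from the hunk alone; it should follow the same cleanup as the existing error return a few lines above.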
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 0d0971d98..ebb1bbeda 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -533,6 +533,15 @@ uint64_t sss_view_ldb_msg_find_attr_as_uint64(struct sss_domain_info *dom,
int sysdb_init(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domains,
bool allow_upgrade);
+
+/* Same as sysdb_init, but additionally allows to change
+ * file ownership of the sysdb databases. */
+int sysdb_init_ext(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domains,
+ bool allow_upgrade,
+ bool chown_dbfile,
+ uid_t uid, gid_t gid);
+
/* used to initialize only one domain database.
* Do NOT use if sysdb_init has already been called */
int sysdb_domain_init(TALLOC_CTX *mem_ctx,
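Review bot: The comment added above sysdb_init_ext does not say under which condition the ownership change happens, what it applies to, or how failure is reported, and "allows to change" reads awkwardly. Suggest: `/* Same as sysdb_init, but when chown_dbfile is true the owner of each domain's sysdb database file is also changed to uid:gid. Returns the errno value from chown() if that fails. */`. The uid and gid parameters are ignored when chown_dbfile is false, which is worth stating as well.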
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 37f6e928b..04702428c 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -2312,7 +2312,8 @@ static int monitor_process_init(struct mt_ctx *ctx,
if (!tmp_ctx) {
return ENOMEM;
}
- ret = sysdb_init(tmp_ctx, ctx->domains, true);
+ ret = sysdb_init_ext(tmp_ctx, ctx->domains, true,
+ true, ctx->uid, ctx->gid);
if (ret != EOK) {
SYSDB_VERSION_ERROR_DAEMON(ret);
return ret;
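Review bot: The new sysdb_init_ext call introduces a failure class (chown() returning e.g. EPERM) that is then routed through `SYSDB_VERSION_ERROR_DAEMON(ret)` on the next line, the same handler used for database-version problems; if that macro's wording assumes a version mismatch, a permission failure will be reported with a misleading hint, so consider logging the ret value with `strerror(ret)` before or instead of invoking it for non-version errors. Passing `true` for chown_dbfile unconditionally means chown() also runs when ctx->uid and ctx->gid are 0, which is harmless but could be skipped with a comment explaining that root ownership is already the default. monitor_process_init starts and ends outside the hunk.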