diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-24 22:44:17 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-30 16:36:50 +0100 |
commit | 25a2d146599efde8f155cf8edf169bf852c58b0e (patch) | |
tree | 17cda79b06f80e86b6bcdb8dba1a19e9f54e6bab | |
parent | cf8828abd9ff0d234a8c677d7fd16477e6a00ca5 (diff) | |
download | sssd-25a2d146599efde8f155cf8edf169bf852c58b0e.tar.gz sssd-25a2d146599efde8f155cf8edf169bf852c58b0e.tar.xz sssd-25a2d146599efde8f155cf8edf169bf852c58b0e.zip |
BUILD: Install krb5_child as suid if running under non-privileged user
If sssd_be is running unprivileged, then krb5_child must be setuid to be
able to access the keytab and become arbitrary user.
-rw-r--r-- | Makefile.am | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am index b39db21e6..6d90d3312 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2853,8 +2853,10 @@ endif if SSSD_USER chgrp $(SSSD_USER) $(sssdlibexecdir)/ldap_child chgrp $(SSSD_USER) $(sssdlibexecdir)/selinux_child + chgrp $(SSSD_USER) $(sssdlibexecdir)/krb5_child chmod 4750 $(sssdlibexecdir)/ldap_child chmod 4750 $(sssdlibexecdir)/selinux_child + chmod 4750 $(sssdlibexecdir)/krb5_child endif install-data-hook: |