diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-11 20:22:42 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-29 10:55:11 +0100 |
| commit | 267cc7c1e8c916b048d52b8ec292404e3aada1ad (patch) | |
| tree | da3a5905188a2b8eb55eff2ee5f50b9d2c039edd | |
| parent | 05176a0efd8ed7089432a92a9d310dfc019d1b88 (diff) | |
| download | sssd-267cc7c1e8c916b048d52b8ec292404e3aada1ad.tar.gz sssd-267cc7c1e8c916b048d52b8ec292404e3aada1ad.tar.xz sssd-267cc7c1e8c916b048d52b8ec292404e3aada1ad.zip | |
BUILD: Install ldap_child and as setuid if running under non-privileged user
The ldap_child permissions should be 4750, owned by root.sssd,
to make sure only root and sssd can execute the child and if executed by
sssd, the child will run as root.
| -rw-r--r-- | Makefile.am | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am index 61bf5cf95..a913cc9c8 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2825,6 +2825,11 @@ else $(MKDIR_P) $(DESTDIR)$(initdir) endif +if SSSD_USER + chgrp $(SSSD_USER) $(sssdlibexecdir)/ldap_child + chmod 4750 $(sssdlibexecdir)/ldap_child +endif + install-data-hook: rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ $(DESTDIR)/$(nsslibdir)/libnss_sss.so |