SUDO: Run the sudo responder as the SSSD user

Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>

2 files changed, 3 insertions, 2 deletions

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 61a9f0b84..d09aeba90 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -1065,7 +1065,8 @@ static bool svc_supported_as_nonroot(const char *svc_name)
     if ((strcmp(svc_name, "nss") == 0)
         || (strcmp(svc_name, "pam") == 0)
         || (strcmp(svc_name, "autofs") == 0)
-        || (strcmp(svc_name, "pac") == 0)) {
+        || (strcmp(svc_name, "pac") == 0)
+        || (strcmp(svc_name, "sudo") == 0)) {
         return true;
     }
     return false;
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index 038e3fd7d..a25f98eca 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -195,7 +195,7 @@ int main(int argc, const char *argv[])
     /* set up things like debug, signals, daemonization, etc... */
     debug_log_file = "sssd_sudo";
 
-    ret = server_setup("sssd[sudo]", 0, 0, 0, CONFDB_SUDO_CONF_ENTRY,
+    ret = server_setup("sssd[sudo]", 0, uid, gid, CONFDB_SUDO_CONF_ENTRY,
                        &main_ctx);
     if (ret != EOK) {
         return 2;