diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-27 16:14:51 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-30 16:36:51 +0100 |
commit | e6d0e2a8695337c63ee80d202e7ac8a2f7ff42cd (patch) | |
tree | 7113573f64f6d4bba695c02eb454c67f1233b97e | |
parent | 7b21c328e617a3dba6bbf7b1d1bab71e01ba4af9 (diff) | |
download | sssd-e6d0e2a8695337c63ee80d202e7ac8a2f7ff42cd.tar.gz sssd-e6d0e2a8695337c63ee80d202e7ac8a2f7ff42cd.tar.xz sssd-e6d0e2a8695337c63ee80d202e7ac8a2f7ff42cd.zip |
BE: Become a regular user after initialization
Some parts of initialization (Kerberos ticket renewal, checking the
keytab for the right principal) still require the root privileges. Drop
privileges after initializing the back ends.
-rw-r--r-- | src/providers/data_provider_be.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index 2716e4a8b..267f5f1d8 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -2886,6 +2886,19 @@ int main(int argc, const char *argv[]) return 3; } + ret = chown_debug_file(NULL, uid, gid); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Cannot chown the debug files, debugging might not work!\n"); + } + + ret = become_user(uid, gid); + if (ret != EOK) { + DEBUG(SSSDBG_FUNC_DATA, + "Cannot become user [%"SPRIuid"][%"SPRIgid"].\n", uid, gid); + return ret; + } + DEBUG(SSSDBG_TRACE_FUNC, "Backend provider (%s) started!\n", be_domain); /* loop on main */ |