authorJakub Hrozek <jhrozek@redhat.com>2014-10-27 16:14:51 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-10-30 16:36:51 +0100
commite6d0e2a8695337c63ee80d202e7ac8a2f7ff42cd (patch)
tree7113573f64f6d4bba695c02eb454c67f1233b97e
parent7b21c328e617a3dba6bbf7b1d1bab71e01ba4af9 (diff)
BE: Become a regular user after initialization
Some parts of initialization (Kerberos ticket renewal, checking the keytab for the right principal) still require root privileges. Drop privileges after initializing the back ends.
-rw-r--r--src/providers/data_provider_be.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 2716e4a8b..267f5f1d8 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -2886,6 +2886,19 @@ int main(int argc, const char *argv[])
return 3;
}
+ ret = chown_debug_file(NULL, uid, gid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Cannot chown the debug files, debugging might not work!\n");
+ }
+
+ ret = become_user(uid, gid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Cannot become user [%"SPRIuid"][%"SPRIgid"].\n", uid, gid);
+ return ret;
+ }
+
DEBUG(SSSDBG_TRACE_FUNC, "Backend provider (%s) started!\n", be_domain);
/* loop on main */
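Review bot: The failure branch after `become_user(uid, gid)` logs at `SSSDBG_FUNC_DATA`, a data-trace level, even though the back end exits on that path; unless that debug level is enabled, a failed privilege drop would end the process with no explanation in the log. Since this is the point where the provider gives up root, the message should use a failure severity, e.g. `DEBUG(SSSDBG_FATAL_FAILURE, "Cannot become user [%"SPRIuid"][%"SPRIgid"].\n", uid, gid);`. The branch also does `return ret;`, so an errno-style value becomes the exit status, whereas the visible earlier failure path returns the small constant `3`; using a fixed exit code here would keep the statuses distinguishable. A short comment above the block stating that everything after this point runs unprivileged, and so must not need root, would help future maintainers. The body of main() starts and ends outside this hunk, so whether later code still assumes root cannot be checked from here.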