authorJakub Hrozek <jhrozek@redhat.com>2014-10-27 16:14:51 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-11-18 20:54:08 +0100
commit10d571677bf11c8b2c357026f24de40cae3094f5 (patch)
tree49326a20dfdafd1ae5d294d3d9809d7d85f04313
parentd167039ec78f93828ba65366d86a1ee7774aed3e (diff)
BE: Become a regular user after initialization
Some parts of initialization (Kerberos ticket renewal, checking the keytab for the right principal) still require the root privileges. Drop privileges after initializing the back ends. Related: https://fedorahosted.org/sssd/ticket/2370 Reviewed-by: Sumit Bose <sbose@redhat.com>
-rw-r--r--src/providers/data_provider_be.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index a5e7714..467fcec 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -2896,6 +2896,19 @@ int main(int argc, const char *argv[])
return 3;
}
+ ret = chown_debug_file(NULL, uid, gid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Cannot chown the debug files, debugging might not work!\n");
+ }
+
+ ret = become_user(uid, gid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Cannot become user [%"SPRIuid"][%"SPRIgid"].\n", uid, gid);
+ return ret;
+ }
+
DEBUG(SSSDBG_TRACE_FUNC, "Backend provider (%s) started!\n", be_domain);
/* loop on main */
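Review bot: The failed `become_user()` branch logs at `SSSDBG_FUNC_DATA`, a trace-level class that is normally only printed when the debug level has been raised, so a back end that cannot drop root would exit without a visible reason in the log. Because this is the privilege-drop step, the message should be at a failure level, e.g. `DEBUG(SSSDBG_FATAL_FAILURE, "Cannot become user [%"SPRIuid"][%"SPRIgid"].\n", uid, gid);`. The same branch uses `return ret;` as the process exit status while the preceding error path returns a small fixed code (`return 3;`); an errno-style value is truncated to 8 bits on exit, so a fixed code would be more consistent. A one-line comment above the `chown_debug_file()` call saying that its failure is deliberately non-fatal, and that logging may stop working once privileges are dropped, would also help. main() starts before and continues after this hunk.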