diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-11 20:22:42 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-11-05 19:54:46 +0100 |
commit | 45414c12aa933a33d9a635cc212c448c858c6bab (patch) | |
tree | b8034b559576c74b9640ae382f8da14f79a3e1ea /Makefile.am | |
parent | f9f513ee1dd4ca10ab980a180d0468ae5167d021 (diff) | |
download | sssd-45414c12aa933a33d9a635cc212c448c858c6bab.tar.gz sssd-45414c12aa933a33d9a635cc212c448c858c6bab.tar.xz sssd-45414c12aa933a33d9a635cc212c448c858c6bab.zip |
BUILD: Install ldap_child and as setuid if running under non-privileged user
The ldap_child permissions should be 4750, owned by root.sssd,
to make sure only root and sssd can execute the child and if executed by
sssd, the child will run as root.
Reviewed-by: Michal Židek <mzidek@redhat.com>
Diffstat (limited to 'Makefile.am')
-rw-r--r-- | Makefile.am | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am index 60bc67f1a..02b087ea3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2844,6 +2844,11 @@ else $(MKDIR_P) $(DESTDIR)$(initdir) endif +if SSSD_USER + chgrp $(SSSD_USER) $(sssdlibexecdir)/ldap_child + chmod 4750 $(sssdlibexecdir)/ldap_child +endif + install-data-hook: rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ $(DESTDIR)/$(nsslibdir)/libnss_sss.so |