summaryrefslogtreecommitdiffstats
path: root/Makefile.am
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2014-10-24 22:44:17 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-11-18 20:33:11 +0100
commita60f4bb6b321298eb4d1c1c33d1897049a83d357 (patch)
treefff0154ba9fed8ae3bc3feca4351c12e59df797e /Makefile.am
parent38429c99bf5af14c2d6bae6ddcf70974fdd103cc (diff)
downloadsssd-a60f4bb6b321298eb4d1c1c33d1897049a83d357.tar.gz
sssd-a60f4bb6b321298eb4d1c1c33d1897049a83d357.tar.xz
sssd-a60f4bb6b321298eb4d1c1c33d1897049a83d357.zip
BUILD: Install krb5_child as suid if running under non-privileged user
If sssd_be is running unprivileged, then krb5_child must be setuid to be able to access the keytab and become arbitrary user. Related: https://fedorahosted.org/sssd/ticket/2370 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'Makefile.am')
-rw-r--r--Makefile.am2
1 files changed, 2 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index b85341f58..5f265dcef 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2872,6 +2872,8 @@ endif
if SSSD_USER
chgrp $(SSSD_USER) $(sssdlibexecdir)/ldap_child
chmod 4750 $(sssdlibexecdir)/ldap_child
+ chgrp $(SSSD_USER) $(sssdlibexecdir)/krb5_child
+ chmod 4750 $(sssdlibexecdir)/krb5_child
if BUILD_SEMANAGE
chgrp $(SSSD_USER) $(sssdlibexecdir)/selinux_child
chmod 4750 $(sssdlibexecdir)/selinux_child