diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-11 20:22:42 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-11-05 19:54:46 +0100 |
| commit | 45414c12aa933a33d9a635cc212c448c858c6bab (patch) | |
| tree | b8034b559576c74b9640ae382f8da14f79a3e1ea /contrib | |
| parent | f9f513ee1dd4ca10ab980a180d0468ae5167d021 (diff) | |
| download | sssd-45414c12aa933a33d9a635cc212c448c858c6bab.tar.gz sssd-45414c12aa933a33d9a635cc212c448c858c6bab.tar.xz sssd-45414c12aa933a33d9a635cc212c448c858c6bab.zip | |
BUILD: Install ldap_child and as setuid if running under non-privileged user
The ldap_child permissions should be 4750, owned by root.sssd,
to make sure only root and sssd can execute the child and if executed by
sssd, the child will run as root.
Reviewed-by: Michal Židek <mzidek@redhat.com>
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/sssd.spec.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index db3bbcb09..d2e6cec26 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -645,7 +645,7 @@ rm -rf $RPM_BUILD_ROOT %defattr(-,root,root,-) %doc COPYING %{_libdir}/%{name}/libsss_krb5_common.so -%{_libexecdir}/%{servicename}/ldap_child +%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/ldap_child %{_libexecdir}/%{servicename}/krb5_child %files krb5 -f sssd_krb5.lang |