author | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-05 13:52:48 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-30 11:12:44 +0100 |
commit | b8a3625690f39e22d8cd699598384bad472b6373 (patch) | |
tree | 14d1bd44283ad781addd0b137f39cbd3598aa543 /src/config | |
parent | d140aa913a0aad28b151c79f4c6f7ff5d8fee6c9 (diff) | |
SSSD: Load a user to run a service as from configuration
Related:
https://fedorahosted.org/sssd/ticket/2370
Adds an option, user to run as, that is specified in the [sssd] section. When
this option is specified, SSSD will run as this user and his private
group. When these are not specified, SSSD will run as the configure-time
user and group (usually root).
Currently all services and providers are started as root. There is a
temporary svc_supported_as_nonroot() function that returns true for a
service if that service runs and was tested as nonroot and false
otherwise. Currently this function always returns false, but will be
amended in future patches.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
(cherry picked from commit a10ac1d0a7210def232205a48c53a075930e82f6)
Diffstat (limited to 'src/config')
-rw-r--r-- | src/config/SSSDConfig/__init__.py.in | 1 | ||||
-rwxr-xr-x | src/config/SSSDConfigTest.py | 1 | ||||
-rw-r--r-- | src/config/etc/sssd.api.conf | 1 |
3 files changed, 3 insertions, 0 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 6c9553086..b4560ea2b 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -56,6 +56,7 @@ option_strings = {
 'full_name_format' : _('Printf-compatible format for displaying fully-qualified names'),
 'krb5_rcache_dir' : _('Directory on the filesystem where SSSD should store Kerberos replay cache files.'),
 'default_domain_suffix' : _('Domain to add to names without a domain component.'),
+ 'user' : _('The user to drop privileges to'),
 
 # [nss]
 'enum_cache_timeout' : _('Enumeration cache timeout length (seconds)'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 2d12bc02a..78e22f6ef 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -280,6 +280,7 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
 're_expression',
 'full_name_format',
 'krb5_rcache_dir',
+ 'user',
 'default_domain_suffix',
 'debug_level',
 'debug_timestamps',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index a20f5aa44..c16769a39 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -23,6 +23,7 @@ sbus_timeout = int, None, false
 re_expression = str, None, false
 full_name_format = str, None, false
 krb5_rcache_dir = str, None, false
+user = str, None, false
 default_domain_suffix = str, None, false
 
 [nss] |
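Review bot: The help text added for `user` in `option_strings` promises a privilege drop that, per the commit description, no service performs yet: everything is still started as root until `svc_supported_as_nonroot()` is amended. An administrator who reads this string in a configuration front end may assume the daemon is already unprivileged once the option is set. Wording that states the limitation would avoid that, for example `'user' : _('The user to drop privileges to (only services that support running as non-root)'),`. The `option_strings` dictionary starts and ends outside the hunk.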
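Review bot: The new `user = str, None, false` entry in `sssd.api.conf` constrains the value only to a string with no default, so this schema line cannot reject a name that does not resolve to an account. The code that resolves the name is outside this diffstat (limited to `src/config`); it should presumably refuse to start on an unknown user rather than fall back to the configure-time user, which the description says is usually root. If the file's comment style allows it, a line above the entry would record that fallback for anyone auditing the schema, e.g. `# user: account the services run as; unset means the configure-time user (usually root)`.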