author | Michal Zidek <mzidek@redhat.com> | 2014-10-09 17:21:30 +0200 |
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-22 15:44:28 +0200 |
commit | 0887c35bdb85adf0a4376dc8963294ea5a9d6da6 (patch) | |
tree | 40b0c10c3509a85a7cd15dc4f1a5b5aad4dc59bc /src/db | |
parent | 579e5d4b7a3ca161ea7518b2996905fa22c15995 (diff) | |
SYSDB: Allow calling chown on the sysdb file from monitor
Sysdb must be accessible to the non-root sssd
processes.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'src/db')
-rw-r--r-- | src/db/sysdb.c | 21 | ||||
-rw-r--r-- | src/db/sysdb.h | 9 |
2 files changed, 30 insertions, 0 deletions
diff --git a/src/db/sysdb.c b/src/db/sysdb.c
index 8d6f00b52..1f02585e7 100644
--- a/src/db/sysdb.c
+++ b/src/db/sysdb.c
@@ -1322,6 +1322,16 @@ int sysdb_init(TALLOC_CTX *mem_ctx,
                struct sss_domain_info *domains,
                bool allow_upgrade)
 {
+    return sysdb_init_ext(mem_ctx, domains, allow_upgrade, false, 0, 0);
+}
+
+int sysdb_init_ext(TALLOC_CTX *mem_ctx,
+                   struct sss_domain_info *domains,
+                   bool allow_upgrade,
+                   bool chown_dbfile,
+                   uid_t uid,
+                   gid_t gid)
+{
     struct sss_domain_info *dom;
     struct sysdb_ctx *sysdb;
     int ret;
@@ -1343,6 +1353,17 @@ int sysdb_init(TALLOC_CTX *mem_ctx,
             return ret;
         }
 
+        if (chown_dbfile) {
+            ret = chown(sysdb->ldb_file, uid, gid);
+            if (ret != 0) {
+                ret = errno;
+                DEBUG(SSSDBG_CRIT_FAILURE,
+                      "Cannot set sysdb ownership to %"SPRIuid":%"SPRIgid"\n",
+                      uid, gid);
+                return ret;
+            }
+        }
+
         dom->sysdb = talloc_move(dom, &sysdb);
     }
 
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 0d0971d98..ebb1bbeda 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -533,6 +533,15 @@ uint64_t sss_view_ldb_msg_find_attr_as_uint64(struct sss_domain_info *dom,
 int sysdb_init(TALLOC_CTX *mem_ctx,
                struct sss_domain_info *domains,
                bool allow_upgrade);
+
+/* Same as sysdb_init, but additionally allows to change
+ * file ownership of the sysdb databases. */
+int sysdb_init_ext(TALLOC_CTX *mem_ctx,
+                   struct sss_domain_info *domains,
+                   bool allow_upgrade,
+                   bool chown_dbfile,
+                   uid_t uid, gid_t gid);
+
 /* used to initialize only one domain database.
  * Do NOT use if sysdb_init has already been called */
 int sysdb_domain_init(TALLOC_CTX *mem_ctx,
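Review bot: The new chown_dbfile branch changes ownership by path, `chown(sysdb->ldb_file, uid, gid)`, which follows a symbolic link at that path, so if anything other than root could create entries in the database directory the ownership change could land on a different file; this is presumably mitigated by the directory being root-owned and not writable by others, but `lchown()` (or `fchown()` on a descriptor the ldb layer already holds, if one is reachable from the sysdb context) would remove the dependence on that assumption — confirm against the permissions the install sets on the db directory. The failure message also omits which file and why, which makes an operator's diagnosis of a permissions problem harder; I would log `"Cannot set ownership of %s to %"SPRIuid":%"SPRIgid": [%d][%s]\n", sysdb->ldb_file, uid, gid, ret, strerror(ret)` with `ret` already holding the saved errno as the hunk does. sysdb_init_ext starts in the previous hunk and ends outside this one.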
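Review bot: The new comment on `sysdb_init_ext` says it changes the ownership of "the sysdb databases", but the implementation in sysdb.c only calls chown on `sysdb->ldb_file` for each domain, and the comment does not say that `uid` and `gid` are ignored unless `chown_dbfile` is true, or what the function returns when chown fails. I would replace it with a comment along the lines of: `/* Same as sysdb_init. If chown_dbfile is true, the ownership of each domain's main ldb file is additionally set to uid:gid (both are ignored otherwise); a chown failure is returned as the errno value. */`. Also, if sysdb.h does not already pull in `<sys/types.h>`, the `uid_t`/`gid_t` parameters in this prototype will need it; the header's include list is outside the hunk.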