SSSD: Load a user to run a service as from configuration

Related:
    https://fedorahosted.org/sssd/ticket/2370

Adds a option, user to run as, that is specified in the [sssd] section. When
this option is specified, SSSD will run as this user and his private
group. When these are not specified, SSSD will run as the configure-time
user and group (usually root).

Currently all services and providers are started as root. There is a
temporary svc_supported_as_nonroot() function that returns true for a
service if that service runs and was tested as nonroot and false
otherwise. Currently this function always returns false, but will be
amended in future patches.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>

1 files changed, 13 insertions, 0 deletions

diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index d57341661..d6bc42ca0 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -297,6 +297,19 @@
                         </listitem>
                     </varlistentry>
                     <varlistentry>
+                        <term>user (string)</term>
+                        <listitem>
+                            <para>
+                                The user to drop the privileges to where
+                                appropriate to avoid running as the
+                                root user.
+                            </para>
+                            <para>
+                                Default: not set, process will run as root
+                            </para>
+                        </listitem>
+                    </varlistentry>
+                    <varlistentry>
                         <term>default_domain_suffix (string)</term>
                         <listitem>
                             <para>