author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-27 16:14:51 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-11-19 11:11:21 +0100 |
commit | edd6a6f65c1f1472632c263bdbd0946ff7fa8849 (patch) | |
tree | dcc6538b4e74320e6d8b8d9ef7742e9633219b0b /src/providers | |
parent | 6686822567fba8dd25ed0bd2e235c30c60eeccf2 (diff) | |
BE: Become a regular user after initialization
Some parts of initialization (Kerberos ticket renewal, checking the
keytab for the right principal) still require the root privileges. Drop
privileges after initializing the back ends.
Related:
https://fedorahosted.org/sssd/ticket/2370
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/data_provider_be.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index 2716e4a8b..267f5f1d8 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -2886,6 +2886,19 @@ int main(int argc, const char *argv[]) return 3; } + ret = chown_debug_file(NULL, uid, gid); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Cannot chown the debug files, debugging might not work!\n"); + } + + ret = become_user(uid, gid); + if (ret != EOK) { + DEBUG(SSSDBG_FUNC_DATA, + "Cannot become user [%"SPRIuid"][%"SPRIgid"].\n", uid, gid); + return ret; + } + DEBUG(SSSDBG_TRACE_FUNC, "Backend provider (%s) started!\n", be_domain); /* loop on main */ |
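Review bot: In the become_user() failure branch the message is logged at SSSDBG_FUNC_DATA, a tracing level, even though the branch aborts startup with "return ret;". With debugging set low, the back end would exit without recording why. A failed privilege drop deserves SSSDBG_FATAL_FAILURE (or at least SSSDBG_CRIT_FAILURE). The same branch hands ret back as the process exit status, while the error path just above it uses a small fixed code ("return 3;"), so a fixed exit code would be more consistent here. Keeping the chown_debug_file() failure non-fatal and the become_user() failure fatal is the right split, since continuing to run as root after a failed drop would defeat the change. A short comment above the two calls saying that everything after this point runs unprivileged would help whoever later adds initialization code that still needs root.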