diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2014-09-21 13:52:05 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-22 15:44:31 +0200 |
| commit | 5d19966eda424bd71964c6913b84d705dce3b350 (patch) | |
| tree | 86e95ea6b535fbd4520ad0dd32249a467db5f049 /src | |
| parent | 0887c35bdb85adf0a4376dc8963294ea5a9d6da6 (diff) | |
| download | sssd-5d19966eda424bd71964c6913b84d705dce3b350.tar.gz sssd-5d19966eda424bd71964c6913b84d705dce3b350.tar.xz sssd-5d19966eda424bd71964c6913b84d705dce3b350.zip | |
NSS: Run as a user specified by monitor
Adds the NSS responder to the list of services known to work as a
non-root user and becomes the specified user after starting the NSS
responder.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/monitor/monitor.c | 3 | ||||
| -rw-r--r-- | src/responder/nss/nsssrv.c | 3 |
2 files changed, 5 insertions, 1 deletions
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 04702428c..297648a60 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -1062,6 +1062,9 @@ static errno_t get_ping_config(struct mt_ctx *ctx, const char *path, */ static bool svc_supported_as_nonroot(const char *svc_name) { + if (strcmp(svc_name, "nss") == 0) { + return true; + } return false; } diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index 420fd3d31..dbbdb4f84 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -568,7 +568,8 @@ int main(int argc, const char *argv[]) /* set up things like debug, signals, daemonization, etc... */ debug_log_file = "sssd_nss"; - ret = server_setup("sssd[nss]", 0, 0, 0, CONFDB_NSS_CONF_ENTRY, &main_ctx); + ret = server_setup("sssd[nss]", 0, uid, gid, CONFDB_NSS_CONF_ENTRY, + &main_ctx); if (ret != EOK) return 2; ret = die_if_parent_died(); |