summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/responder/common/responder.h2
-rw-r--r--src/responder/common/responder_common.c3
-rw-r--r--src/responder/pam/pamsrv.c3
3 files changed, 5 insertions, 3 deletions
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 4d927cfe3..72c7f4e67 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -41,7 +41,7 @@ extern hash_table_t *dp_requests;
/* we want default permissions on created files to be very strict,
* so set our umask to 0177 */
-#define DFL_RSP_UMASK 0177
+#define DFL_RSP_UMASK SSS_DFL_UMASK
/* if there is a provider other than the special local */
#define NEED_CHECK_PROVIDER(provider) \
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 2097004cb..baaf0412b 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -690,7 +690,8 @@ static int set_unix_socket(struct resp_ctx *rctx)
if (rctx->priv_sock_name != NULL ) {
/* create privileged pipe */
if (rctx->priv_lfd == -1) {
- ret = create_pipe_fd(rctx->priv_sock_name, &rctx->priv_lfd, 0177);
+ ret = create_pipe_fd(rctx->priv_sock_name, &rctx->priv_lfd,
+ DFL_RSP_UMASK);
if (ret != EOK) {
goto failed;
}
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 3fe467c3c..6ac770b7a 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -396,7 +396,8 @@ int main(int argc, const char *argv[])
return 2;
}
- ret = create_pipe_fd(SSS_PAM_PRIV_SOCKET_NAME, &priv_pipe_fd, 0177);
+ ret = create_pipe_fd(SSS_PAM_PRIV_SOCKET_NAME, &priv_pipe_fd,
+ DFL_RSP_UMASK);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"create_pipe_fd failed (priviledged pipe) [%d]: %s.\n",
generated by cgit (git 2.34.1) at 2024-05-24 05:55:30 +0000