From dbfc407eef1d9ba2469687c3ffbe7fd8bb111d94 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 16 Jun 2015 13:22:32 +0200
Subject: BUILD: Store keytabs in /var/lib/sss/keytabs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Make sure the directory is only accessible to the sssd user

Reviewed-by: Michal Židek <mzidek@redhat.com>
---
 contrib/sssd.spec.in | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'contrib')

diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index bfee8f8c2..1ebd92fa9 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -81,6 +81,7 @@ Requires: python-sssdconfig = %{version}-%{release}
 %global servicename sssd
 %global sssdstatedir %{_localstatedir}/lib/sss
 %global dbpath %{sssdstatedir}/db
+%global keytabdir %{sssdstatedir}/keytabs
 %global pipepath %{sssdstatedir}/pipes
 %global mcpath %{sssdstatedir}/mc
 %global pubconfpath %{sssdstatedir}/pubconf
@@ -765,7 +766,7 @@ rm -rf $RPM_BUILD_ROOT
 %defattr(-,root,root,-)
 %doc COPYING
 %attr(755,root,root) %dir %{pubconfpath}/krb5.include.d
-%attr(700,sssd,sssd) %dir %{dbpath}/keytabs
+%attr(700,sssd,sssd) %dir %{keytabdir}
 %{_libdir}/%{name}/libsss_ipa.so
 %attr(4750,root,sssd) %{_libexecdir}/%{servicename}/selinux_child
 %{_mandir}/man5/sssd-ipa.5*
-- 
cgit