From 19e9c1c1a21790974400db9349637788727b6564 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 15 Oct 2014 15:58:58 +0200
Subject: BE: Own the sbus socket as the SSSD user

In some cases, the back end might still be running as root, but the
responder would be running unprivileged. In this case, we need to allow
connecting from the SSSD user ID.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
---
 src/monitor/monitor.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/monitor')

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index fc6b2963f..905e66f25 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -1306,6 +1306,14 @@ static int get_provider_config(struct mt_ctx *ctx, const char *name,
             return ENOMEM;
         }
 
+        svc->command = talloc_asprintf_append(svc->command,
+                " --uid %"SPRIuid" --gid %"SPRIgid,
+                ctx->uid, ctx->gid);
+        if (!svc->command) {
+            talloc_free(svc);
+            return ENOMEM;
+        }
+
         if (cmdline_debug_level != SSSDBG_UNRESOLVED) {
             svc->command = talloc_asprintf_append(
                 svc->command, " -d %#.4x", cmdline_debug_level
-- 
cgit