From 5d19966eda424bd71964c6913b84d705dce3b350 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sun, 21 Sep 2014 13:52:05 +0200
Subject: NSS: Run as a user specified by monitor

Adds the NSS responder to the list of services known to work as a
non-root user and becomes the specified user after starting the NSS
responder.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
---
 src/monitor/monitor.c      | 3 +++
 src/responder/nss/nsssrv.c | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 04702428c..297648a60 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -1062,6 +1062,9 @@ static errno_t get_ping_config(struct mt_ctx *ctx, const char *path,
  */
 static bool svc_supported_as_nonroot(const char *svc_name)
 {
+    if (strcmp(svc_name, "nss") == 0) {
+        return true;
+    }
     return false;
 }
 
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 420fd3d31..dbbdb4f84 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -568,7 +568,8 @@ int main(int argc, const char *argv[])
     /* set up things like debug, signals, daemonization, etc... */
     debug_log_file = "sssd_nss";
 
-    ret = server_setup("sssd[nss]", 0, 0, 0, CONFDB_NSS_CONF_ENTRY, &main_ctx);
+    ret = server_setup("sssd[nss]", 0, uid, gid, CONFDB_NSS_CONF_ENTRY,
+                       &main_ctx);
     if (ret != EOK) return 2;
 
     ret = die_if_parent_died();
-- 
cgit