diff options
author | Lukas Slebodnik <lslebodn@redhat.com> | 2016-06-16 19:39:26 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-06-17 13:13:15 +0200 |
commit | 88573e13382f7d3ee112bed7b1f79eac00f1304b (patch) | |
tree | bd69470da66693bc647c45ba684f8e0901b03806 /contrib | |
parent | ef045ad7616667e5d824d9ac326b461f9bb1d8cf (diff) | |
download | sssd-88573e13382f7d3ee112bed7b1f79eac00f1304b.tar.gz sssd-88573e13382f7d3ee112bed7b1f79eac00f1304b.tar.xz sssd-88573e13382f7d3ee112bed7b1f79eac00f1304b.zip |
SPEC: Run sssd as privileged user
There are still issues[1,2,3] with ipa and ad provider
which cause failures when sssd is running as non-privileged user.
It's easy to change default root to non-root
mock --resultdir . --rebuild ./sssd-1.13.90-0.fc24.src.rpm --with=sssd_user
or with plain rpmbuild
rpmbuild -ba SPECS/sssd.spec --with sssd_user
[1] https://fedorahosted.org/sssd/ticket/2963
[2] https://fedorahosted.org/sssd/ticket/2965
[3] https://fedorahosted.org/sssd/ticket/3014
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/sssd.spec.in | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 7b4188ae3..0f2bcdf61 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -1,3 +1,7 @@ +# SSSD is running as root user by default. +# Set --with sssd_user or bcond_without to run SSSD as non-root user(sssd). +%bcond_with sssd_user + %global rhel6_minor %(%{__grep} -o "6.[0-9]*" /etc/redhat-release |%{__sed} -s 's/6.//') %global rhel7_minor %(%{__grep} -o "7.[0-9]*" /etc/redhat-release |%{__sed} -s 's/7.//') @@ -21,7 +25,7 @@ # on Fedora and RHEL7 p11_child needs a polkit config snippet to be allowed to # talk to pcscd if SSSD runs as unpriviledged user -%if (0%{?fedora} || 0%{?rhel} >= 7) +%if (%{with sssd_user} && (0%{?fedora} || 0%{?rhel} >= 7)) %global install_pcscd_polkit_rule 1 %else %global enable_polkit_rules_option --disable-polkit-rules-path @@ -599,7 +603,9 @@ autoreconf -ivf --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \ --disable-static \ --disable-rpath \ +%if %{with sssd_user} --with-sssd-user=sssd \ +%endif %{with_initscript} \ %{?with_syslog} \ %{?with_cifs_utils_plugin_option} \ |