diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-15 15:58:58 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-22 15:44:23 +0200 |
| commit | 19e9c1c1a21790974400db9349637788727b6564 (patch) | |
| tree | 6d284f2b8d6cf2f0fc488676bd6cdb923bb668b7 /src/monitor | |
| parent | aa871e019f00493dfa53b48f906132bf94eeae9f (diff) | |
| download | sssd-19e9c1c1a21790974400db9349637788727b6564.tar.gz sssd-19e9c1c1a21790974400db9349637788727b6564.tar.xz sssd-19e9c1c1a21790974400db9349637788727b6564.zip | |
BE: Own the sbus socket as the SSSD user
In some cases, the back end might still be running as root, but the
responder would be running unprivileged. In this case, we need to allow
connecting from the SSSD user ID.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'src/monitor')
| -rw-r--r-- | src/monitor/monitor.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index fc6b2963f..905e66f25 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -1306,6 +1306,14 @@ static int get_provider_config(struct mt_ctx *ctx, const char *name, return ENOMEM; } + svc->command = talloc_asprintf_append(svc->command, + " --uid %"SPRIuid" --gid %"SPRIgid, + ctx->uid, ctx->gid); + if (!svc->command) { + talloc_free(svc); + return ENOMEM; + } + if (cmdline_debug_level != SSSDBG_UNRESOLVED) { svc->command = talloc_asprintf_append( svc->command, " -d %#.4x", cmdline_debug_level |