diff options
author | Lukas Slebodnik <lslebodn@redhat.com> | 2016-03-03 13:34:55 +0100 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-04-07 09:24:22 +0200 |
commit | d0e0cf6ee47ab538efc47c7882f498f1b5e0f0c7 (patch) | |
tree | ab1064d1f4984ad8afeb7afe47c60affbb4b33cd /src/providers/ad | |
parent | 192126738fa82c5624f4740147426c552126c602 (diff) | |
download | sssd-d0e0cf6ee47ab538efc47c7882f498f1b5e0f0c7.tar.gz sssd-d0e0cf6ee47ab538efc47c7882f498f1b5e0f0c7.tar.xz sssd-d0e0cf6ee47ab538efc47c7882f498f1b5e0f0c7.zip |
GPO_CHILD: Create directories in gpo_cache with right permissions
The parent directory has to have execute bit if we want to create
subdirectories or read files there.
sh-4.3$ mkdir dir
sh-4.3$ echo "test" > dir/test_file
sh-4.3$ chmod 644 dir/
sh-4.3$ ls dir/
test_file
sh-4.3$ cat dir/test_file
cat: dir/test_file: Permission denied
It was not probelm for sssd in root mode
because root has by default capbilities DAC_OVERRIDE and DAC_READ_SEARCH
which bypass file read, write, and execute permission checks
and directory read and execute permission checks
Resolves:
https://fedorahosted.org/sssd/ticket/2962
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers/ad')
-rw-r--r-- | src/providers/ad/ad_gpo_child.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/providers/ad/ad_gpo_child.c b/src/providers/ad/ad_gpo_child.c index c95625e83..e37abe394 100644 --- a/src/providers/ad/ad_gpo_child.c +++ b/src/providers/ad/ad_gpo_child.c @@ -249,7 +249,7 @@ static errno_t prepare_gpo_cache(TALLOC_CTX *mem_ctx, } DEBUG(SSSDBG_TRACE_FUNC, "Storing GPOs in %s\n", current_dir); - if ((mkdir(current_dir, 0644)) < 0 && errno != EEXIST) { + if ((mkdir(current_dir, 0700)) < 0 && errno != EEXIST) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, "mkdir(%s) failed: %d\n", current_dir, ret); |