author | Fabiano Fidêncio <fidencio@redhat.com> | 2016-11-17 01:03:13 +0100 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2017-01-23 18:46:37 +0100 |
commit | f37e795cd16310759dc9741c1ab1323b287a9101 (patch) | |
tree | ac767be2413917d0a8bcd4514527660650a80149 /src | |
parent | b33c275ebac86695f7a2fa866e5766d469e2c578 (diff) | |
SUDO: Make Sudo responder socket-activatable

As part of the effort of making all responders socket-activatable, let's
make Sudo responder ready for this by providing its systemd units.

In case the administrators want to use Sudo responder taking advantage
of socket-activation they will need to enable sssd-sudo.socket and
after a restart of the sssd service, the Sudo socket will be ready
waiting for any activity in order to start the Sudo responder. Also,
the Sudo responder must be removed from the services line on sssd.conf.

The Sudo responder service is bound to the SSSD service, which means
that the responder will be restarted in case SSSD is restarted and
shut down in case SSSD is shut down or crashes.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

Diffstat (limited to 'src')
-rw-r--r-- | src/responder/sudo/sudosrv.c | 1 |
-rw-r--r-- | src/sysv/systemd/sssd-sudo.service.in | 16 |
-rw-r--r-- | src/sysv/systemd/sssd-sudo.socket.in | 12 |
3 files changed, 29 insertions, 0 deletions
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c index 2a82cee3d..b427878d4 100644 --- a/src/responder/sudo/sudosrv.c +++ b/src/responder/sudo/sudosrv.c @@ -176,6 +176,7 @@ int main(int argc, const char *argv[]) POPT_AUTOHELP SSSD_MAIN_OPTS SSSD_SERVER_OPTS(uid, gid) + SSSD_RESPONDER_OPTS POPT_TABLEEND }; diff --git a/src/sysv/systemd/sssd-sudo.service.in b/src/sysv/systemd/sssd-sudo.service.in new file mode 100644 index 000000000..5b736e8b5 --- /dev/null +++ b/src/sysv/systemd/sssd-sudo.service.in @@ -0,0 +1,16 @@ +[Unit] +Description=SSSD Sudo Service responder +Documentation=man:sssd.conf(5) man:sssd-sudo(5) +After=sssd.service +BindsTo=sssd.service + +[Install] +Also=sssd-sudo.socket + +[Service] +ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_sudo.log +ExecStart=@libexecdir@/sssd/sssd_sudo --debug-to-files --socket-activated +Restart=on-failure +User=@SSSD_USER@ +Group=@SSSD_USER@ +PermissionsStartOnly=true diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in new file mode 100644 index 000000000..0b6c0d9c1 --- /dev/null +++ b/src/sysv/systemd/sssd-sudo.socket.in @@ -0,0 +1,12 @@ +[Unit] +Description=SSSD Sudo Service responder socket +Documentation=man:sssd.conf(5) +BindsTo=sssd.service + +[Socket] +ListenStream=@pipepath@/sudo +SocketUser=@SSSD_USER@ +SocketGroup=@SSSD_USER@ + +[Install] +WantedBy=sssd.service |
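Review bot: in src/sysv/systemd/sssd-sudo.service.in the ExecStartPre line runs /bin/chown with full privileges (PermissionsStartOnly=true exempts it from User=/Group=) on @logpath@/sssd_sudo.log, and chown without -h follows symbolic links. If @logpath@ is writable by @SSSD_USER@, the ownership change can land on whatever that name points to. Suggest `chown -h`, or having the log file created with the right owner when it is first opened, so that no privileged chown on a path inside a service-writable directory is needed. The leading `-` also hides a failed chown, in which case the responder still starts as @SSSD_USER@ and may be unable to write its log; a comment in the unit saying why the failure is ignored would help.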
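Review bot: the [Socket] section of src/sysv/systemd/sssd-sudo.socket.in sets SocketUser= and SocketGroup= but no SocketMode=, so systemd creates @pipepath@/sudo with its default mode 0666 and access control is left entirely to the permissions of @pipepath@ itself. Suggest stating the intended mode explicitly (for example `SocketMode=0600` if only the socket owner should reach the responder) so the access policy is visible in the unit. In the [Unit] section, BindsTo=sssd.service appears without the After=sssd.service that the service unit pairs it with; BindsTo alone gives no ordering, so add After= here as well if the socket must not come up before SSSD. Nothing in the unit guards against the case the commit message warns about, where sudo is still listed on the services line of sssd.conf; a pre-start check or a comment pointing at that requirement would make the failure easier to diagnose.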