SPEC: Run sssd as privileged user

There are still issues[1,2,3] with ipa and ad provider
which cause failures when sssd is running as non-privileged user.

It's easy to change default root to non-root
  mock --resultdir . --rebuild ./sssd-1.13.90-0.fc24.src.rpm --with=sssd_user
or with plain rpmbuild
  rpmbuild -ba SPECS/sssd.spec --with sssd_user

[1] https://fedorahosted.org/sssd/ticket/2963
[2] https://fedorahosted.org/sssd/ticket/2965
[3] https://fedorahosted.org/sssd/ticket/3014

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

1 files changed, 7 insertions, 1 deletions

diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 7b4188ae3..0f2bcdf61 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -1,3 +1,7 @@
+# SSSD is running as root user by default.
+# Set --with sssd_user or bcond_without to run SSSD as non-root user(sssd).
+%bcond_with sssd_user
+
 %global rhel6_minor %(%{__grep} -o "6.[0-9]*" /etc/redhat-release |%{__sed} -s 's/6.//')
 %global rhel7_minor %(%{__grep} -o "7.[0-9]*" /etc/redhat-release |%{__sed} -s 's/7.//')
 
@@ -21,7 +25,7 @@
 
 # on Fedora and RHEL7 p11_child needs a polkit config snippet to be allowed to
 # talk to pcscd if SSSD runs as unpriviledged user
-%if (0%{?fedora} || 0%{?rhel} >= 7)
+%if (%{with sssd_user} && (0%{?fedora} || 0%{?rhel} >= 7))
     %global install_pcscd_polkit_rule 1
 %else
     %global enable_polkit_rules_option --disable-polkit-rules-path
@@ -599,7 +603,9 @@ autoreconf -ivf
     --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \
     --disable-static \
     --disable-rpath \
+%if %{with sssd_user}
     --with-sssd-user=sssd \
+%endif
     %{with_initscript} \
     %{?with_syslog} \
     %{?with_cifs_utils_plugin_option} \