author | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-05 13:53:20 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-22 15:44:11 +0200 |
commit | fa24dabfd480e1ce346009336c7979ab59520c44 (patch) | |
tree | c59ac990d677cd5f1b25f619f187024b975c46df /contrib | |
parent | bc13c352ba9c2877f1e9bc62e55ad60fc000a55d (diff) | |
RPM: Change file ownership to sssd.sssd
Adds a private SSSD user in the %pre section of SSSD specfile. Also
changes the ownership of SSSD private directories to sssd.sssd.
Does not change the configure time default, so SSSD will still run as
root. Access to the files and directories does not widen, because the
directories are still only accessible by the private user (whose shell
is /sbin/nologin) and of course the root user.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/sssd.spec.in | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 74f7e9505..988174b5e 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -604,17 +604,17 @@ rm -rf $RPM_BUILD_ROOT
 %dir %{sssdstatedir}
 %dir %{_localstatedir}/cache/krb5rcache
-%attr(700,root,root) %dir %{dbpath}
-%attr(755,root,root) %dir %{mcpath}
-%ghost %attr(0644,root,root) %verify(not md5 size mtime) %{mcpath}/passwd
-%ghost %attr(0644,root,root) %verify(not md5 size mtime) %{mcpath}/group
-%attr(755,root,root) %dir %{pipepath}
-%attr(755,root,root) %dir %{pubconfpath}
-%attr(755,root,root) %dir %{gpocachepath}
-%attr(700,root,root) %dir %{pipepath}/private
-%attr(750,root,root) %dir %{_var}/log/%{name}
-%attr(711,root,root) %dir %{_sysconfdir}/sssd
-%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
+%attr(700,sssd,sssd) %dir %{dbpath}
+%attr(755,sssd,sssd) %dir %{mcpath}
+%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd
+%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group
+%attr(755,sssd,sssd) %dir %{pipepath}
+%attr(755,sssd,sssd) %dir %{pubconfpath}
+%attr(755,sssd,sssd) %dir %{gpocachepath}
+%attr(700,sssd,sssd) %dir %{pipepath}/private
+%attr(750,sssd,sssd) %dir %{_var}/log/%{name}
+%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd
+%ghost %attr(0600,sssd,sssd) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
 %if (0%{?use_systemd} == 1)
 %attr(755,root,root) %dir %{_sysconfdir}/systemd/system/sssd.service.d
 %config(noreplace) %{_sysconfdir}/systemd/system/sssd.service.d/journal.conf
@@ -803,6 +803,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/%{name}/modules/libwbclient.so
 %{_libdir}/pkgconfig/wbclient_sssd.pc
+%pre common
+getent group sssd >/dev/null || groupadd -r sssd
+getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
+
 %if (0%{?use_systemd} == 1)
 # systemd
 %post common |
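Review bot: Handing `%{_sysconfdir}/sssd` and the `%ghost` `sssd.conf` entry to `sssd:sssd` makes the daemon's own configuration writable by the service account, which is a different trust decision from re-owning the cache, pipe and log directories in the same list. While SSSD still runs as root, as the description states, a root process would be parsing a file and creating files inside directories that the unprivileged account controls. If the configuration-file permission check in this version permits it, I would keep root as the owner and give the group read access only, e.g. `%ghost %attr(0640,root,sssd) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf`. It is also worth a spec comment that `%attr` covers only the listed paths, so files already created under `%{dbpath}` or `%{_var}/log/%{name}` on an upgraded host presumably stay root-owned.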
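Review bot: The `getent group sssd` and `getent passwd sssd` checks in the new `%pre common` scriptlet consult every source configured in nsswitch.conf, not just the local files. On a host where a remote directory already supplies an `sssd` entry (possibly through SSSD itself during an upgrade), no local account would be created and the packaged paths would be owned by whatever uid that directory provides. Restricting the lookup to local databases, e.g. `getent -s files passwd sssd >/dev/null || useradd ...` and the same for the group, would tie ownership to a local system account. A `Requires(pre): shadow-utils` for the common subpackage is not visible in this hunk and should be confirmed, since `groupadd` and `useradd` must exist before `%pre` runs.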