|
 |
d6181b |
From e9091aba9c0cbcc1f00f5f0656c200554cc485a3 Mon Sep 17 00:00:00 2001
|
|
|
d6181b |
From: Sumit Bose <sbose@redhat.com>
|
|
|
d6181b |
Date: Fri, 2 Aug 2019 13:44:18 +0200
|
|
|
d6181b |
Subject: [PATCH 14/16] pam: make sure p11_child.log has the right permissions
|
|
|
d6181b |
|
|
|
d6181b |
If SSSD runs a unprivileged user we should make sure the log files for
|
|
|
d6181b |
child processes have the right permission so that the child process can
|
|
|
d6181b |
write to them.
|
|
|
d6181b |
|
|
|
d6181b |
Related to https://pagure.io/SSSD/sssd/issue/4056
|
|
|
d6181b |
|
|
|
d6181b |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
d6181b |
---
|
|
|
d6181b |
src/responder/pam/pamsrv.c | 9 +++++++++
|
|
|
d6181b |
1 file changed, 9 insertions(+)
|
|
|
d6181b |
|
|
|
d6181b |
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
|
|
|
d6181b |
index 38db6fc9b..4f5b9b664 100644
|
|
|
d6181b |
--- a/src/responder/pam/pamsrv.c
|
|
|
d6181b |
+++ b/src/responder/pam/pamsrv.c
|
|
|
d6181b |
@@ -399,6 +399,15 @@ int main(int argc, const char *argv[])
|
|
|
d6181b |
}
|
|
|
d6181b |
}
|
|
|
d6181b |
|
|
|
d6181b |
+ /* server_setup() might switch to an unprivileged user, so the permissions
|
|
|
d6181b |
+ * for p11_child.log have to be fixed first. */
|
|
|
d6181b |
+ ret = chown_debug_file("p11_child", uid, gid);
|
|
|
d6181b |
+ if (ret != EOK) {
|
|
|
d6181b |
+ DEBUG(SSSDBG_MINOR_FAILURE,
|
|
|
d6181b |
+ "Cannot chown the p11_child debug file, "
|
|
|
d6181b |
+ "debugging might not work!\n");
|
|
|
d6181b |
+ }
|
|
|
d6181b |
+
|
|
|
d6181b |
ret = server_setup("sssd[pam]", 0, uid, gid, CONFDB_PAM_CONF_ENTRY, &main_ctx);
|
|
|
d6181b |
if (ret != EOK) return 2;
|
|
|
d6181b |
|
|
|
d6181b |
--
|
|
|
d6181b |
2.20.1
|
|
|
d6181b |
|