From d140aa913a0aad28b151c79f4c6f7ff5d8fee6c9 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 5 Aug 2014 13:53:20 +0200
Subject: [PATCH 25/46] RPM: Change file ownership to sssd.sssd
Adds a private SSSD user in the %pre section of SSSD specfile. Also
changes the ownership of SSSD private directories to sssd.sssd.
Does not change the configure time default, so SSSD will still run as
root. The file and directory ownership does not widen, because the
directories are still only accessible by the private user (whose shell
is /sbin/nologin) and of course the root user.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
(cherry picked from commit fa24dabfd480e1ce346009336c7979ab59520c44)
---
contrib/sssd.spec.in | 26 +++++++++++++++-----------
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index e5de4c44c4b4982f6819af363fdb8a32930f6137..db3bbcb09d6b27ca785f511ce6414fbeaaf445c6 100644
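--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -604,17 +604,17 @@ rm -rf $RPM_BUILD_ROOT
 
 %dir %{sssdstatedir}
 %dir %{_localstatedir}/cache/krb5rcache
-%attr(700,root,root) %dir %{dbpath}
-%attr(755,root,root) %dir %{mcpath}
-%ghost %attr(0644,root,root) %verify(not md5 size mtime) %{mcpath}/passwd
-%ghost %attr(0644,root,root) %verify(not md5 size mtime) %{mcpath}/group
-%attr(755,root,root) %dir %{pipepath}
-%attr(755,root,root) %dir %{pubconfpath}
-%attr(755,root,root) %dir %{gpocachepath}
-%attr(700,root,root) %dir %{pipepath}/private
-%attr(750,root,root) %dir %{_var}/log/%{name}
-%attr(711,root,root) %dir %{_sysconfdir}/sssd
-%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
+%attr(700,sssd,sssd) %dir %{dbpath}
+%attr(755,sssd,sssd) %dir %{mcpath}
+%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd
+%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group
+%attr(755,sssd,sssd) %dir %{pipepath}
+%attr(755,sssd,sssd) %dir %{pubconfpath}
+%attr(755,sssd,sssd) %dir %{gpocachepath}
+%attr(700,sssd,sssd) %dir %{pipepath}/private
+%attr(750,sssd,sssd) %dir %{_var}/log/%{name}
+%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd
+%ghost %attr(0600,sssd,sssd) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
 %if (0%{?use_systemd} == 1)
 %attr(755,root,root) %dir %{_sysconfdir}/systemd/system/sssd.service.d
 %config(noreplace) %{_sysconfdir}/systemd/system/sssd.service.d/journal.conf
@@ -803,6 +803,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/%{name}/modules/libwbclient.so
 %{_libdir}/pkgconfig/wbclient_sssd.pc
 
+%pre common
+getent group sssd >/dev/null || groupadd -r sssd
+getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
+
 %if (0%{?use_systemd} == 1)
 # systemd
 %post common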
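Review bot: In the first hunk, giving `%{_sysconfdir}/sssd` and `sssd.conf` to sssd.sssd lets the unprivileged account rename or replace the configuration that, per the commit message, a daemon still running as root parses. The same applies to `%{_var}/log/%{name}`, which root-run code presumably writes into. Nothing runs as sssd at this point, so the exposure is latent, but it turns into a service-account-to-root path as soon as any component drops privileges to that user. Unless a process running as sssd has to write there (not visible in this patch), consider leaving the configuration root-owned: `%attr(711,root,root) %dir %{_sysconfdir}/sssd` and `%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf`. A spec comment above the `%attr` run naming which of these paths root-run code reads or writes would also help later reviewers.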
--
1.9.3