From d4bbfc12cae1eb2efe2451885605c37ec7702a21 Mon Sep 17 00:00:00 2001

From: Jakub Hrozek <jhrozek@redhat.com>

Date: Sun, 21 Sep 2014 13:52:05 +0200

Subject: [PATCH 32/46] NSS: Run as a user specified by monitor

Adds the NSS responder to the list of services known to work as a

non-root user and becomes the specified user after starting the NSS

responder.

Reviewed-by: Pavel Reichl <preichl@redhat.com>

Reviewed-by: Simo Sorce <simo@redhat.com>

(cherry picked from commit 5d19966eda424bd71964c6913b84d705dce3b350)

---

 src/monitor/monitor.c      | 3 +++

 src/responder/nss/nsssrv.c | 3 ++-

 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c

index 04702428c4ed7fd1d77c6f18e491fa69b3700f4f..297648a60836cec1bd95c0a2972c8d14be32675a 100644

--- a/src/monitor/monitor.c

+++ b/src/monitor/monitor.c

@@ -1062,6 +1062,9 @@ static errno_t get_ping_config(struct mt_ctx *ctx, const char *path,

  */

 static bool svc_supported_as_nonroot(const char *svc_name)

 {

+    if (strcmp(svc_name, "nss") == 0) {

+        return true;

+    }

     return false;

 }

diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c

index 420fd3d316959a67737f23e9a8b3d1c797583ea3..dbbdb4f844410eabe01f184ccdf8d9deb41833f4 100644

--- a/src/responder/nss/nsssrv.c

+++ b/src/responder/nss/nsssrv.c

@@ -568,7 +568,8 @@ int main(int argc, const char *argv[])

     /* set up things like debug, signals, daemonization, etc... */

     debug_log_file = "sssd_nss";

-    ret = server_setup("sssd[nss]", 0, 0, 0, CONFDB_NSS_CONF_ENTRY, &main_ctx);

+    ret = server_setup("sssd[nss]", 0, uid, gid, CONFDB_NSS_CONF_ENTRY,

+                       &main_ctx);

     if (ret != EOK) return 2;

     ret = die_if_parent_died();

-- 

1.9.3