From 2708fb488277209a60a5daf5217502c029c196c1 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Tue, 24 Jul 2018 18:52:08 +0000 Subject: [PATCH] SUDO: Root should be able to read/write sssd-sudo socket There is not any reason to require additional capabilities from root when sssd is running as unprivileged user. Sudo UNIX socket is not a real private socket. It just cannot be used by others. Just owner(sssd) and root should be able to use it. Resolves: https://pagure.io/SSSD/sssd/issue/3778 Merges: https://pagure.io/SSSD/sssd/pull-request/3784 Reviewed-by: Jakub Hrozek (cherry picked from commit 21ea8204a0bd8ea4451f420713e909d3cfee34ef) --- src/sysv/systemd/sssd-sudo.socket.in | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in index 96a8b0327ddb4d331c9b2e97ece3453f8f76872d..e94a2f6151e3d69edc304776b72a81db22762503 100644 --- a/src/sysv/systemd/sssd-sudo.socket.in +++ b/src/sysv/systemd/sssd-sudo.socket.in @@ -10,8 +10,7 @@ Conflicts=shutdown.target ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r sudo ListenStream=@pipepath@/sudo SocketUser=@SSSD_USER@ -SocketGroup=@SSSD_USER@ -SocketMode=0600 +SocketMode=0660 [Install] WantedBy=sssd.service -- 2.14.4
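Review bot: With `SocketGroup=@SSSD_USER@` removed and `SocketMode=` widened from 0600 to 0660 in the `@@ -10,8 +10,7 @@` hunk, the unit no longer states which group the new group read/write bits apply to, while the commit message says only the owner (sssd) and root should be able to use the socket. Set the group explicitly, for example `SocketGroup=root`, instead of relying on whatever systemd picks when `SocketGroup=` is unset alongside `SocketUser=@SSSD_USER@`. A comment line above `SocketMode=0660` recording that group access is meant for root only would also help keep a later change from widening it further.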