From 88b6f5da86301ac3f76cacdc99d7ab5045a5a3a6 Mon Sep 17 00:00:00 2001

From: Jakub Hrozek <jhrozek@redhat.com>

Date: Fri, 17 Oct 2014 18:14:45 +0200

Subject: [PATCH 40/46] SUDO: Run the sudo responder as the SSSD user

Reviewed-by: Pavel Reichl <preichl@redhat.com>

Reviewed-by: Simo Sorce <simo@redhat.com>

(cherry picked from commit 3f9e2c24dbc14b2eafbe4f5a5ee16fe9af3c3f75)

---

 src/monitor/monitor.c        | 3 ++-

 src/responder/sudo/sudosrv.c | 2 +-

 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c

index 61a9f0b849a460da88b393b4f08795fb7a571886..d09aeba9033ff1460f9d4a6c51f35edbf2e67fa6 100644

--- a/src/monitor/monitor.c

+++ b/src/monitor/monitor.c

@@ -1065,7 +1065,8 @@ static bool svc_supported_as_nonroot(const char *svc_name)

     if ((strcmp(svc_name, "nss") == 0)

         || (strcmp(svc_name, "pam") == 0)

         || (strcmp(svc_name, "autofs") == 0)

-        || (strcmp(svc_name, "pac") == 0)) {

+        || (strcmp(svc_name, "pac") == 0)

+        || (strcmp(svc_name, "sudo") == 0)) {

         return true;

     }

     return false;

diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c

index 038e3fd7da0829ce554a31694725c3dddaf5c038..a25f98ecabaa952a7cd87c54cd302903cb563faf 100644

--- a/src/responder/sudo/sudosrv.c

+++ b/src/responder/sudo/sudosrv.c

@@ -195,7 +195,7 @@ int main(int argc, const char *argv[])

     /* set up things like debug, signals, daemonization, etc... */

     debug_log_file = "sssd_sudo";

-    ret = server_setup("sssd[sudo]", 0, 0, 0, CONFDB_SUDO_CONF_ENTRY,

+    ret = server_setup("sssd[sudo]", 0, uid, gid, CONFDB_SUDO_CONF_ENTRY,

                        &main_ctx);

     if (ret != EOK) {

         return 2;

-- 

1.9.3