Tree - rpms/sssd - CentOS Git server

rpms / sssd

Files

Commit: cdf651568fcb78e20bc9412c18e71a719d3a93fe
Blob Blame History Raw
From 2708fb488277209a60a5daf5217502c029c196c1 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Tue, 24 Jul 2018 18:52:08 +0000
Subject: [PATCH] SUDO: Root should be able to read/write sssd-sudo socket

There is not any reason to require additional capabilities from root
when sssd is running as unprivileged user.

Sudo UNIX socket is not a real private socket. It just cannot
be used by others. Just owner(sssd) and root should be able to use it.

Resolves:
https://pagure.io/SSSD/sssd/issue/3778

Merges: https://pagure.io/SSSD/sssd/pull-request/3784

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 21ea8204a0bd8ea4451f420713e909d3cfee34ef)
---
 src/sysv/systemd/sssd-sudo.socket.in | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in
index 96a8b0327ddb4d331c9b2e97ece3453f8f76872d..e94a2f6151e3d69edc304776b72a81db22762503 100644
--- a/src/sysv/systemd/sssd-sudo.socket.in
+++ b/src/sysv/systemd/sssd-sudo.socket.in
@@ -10,8 +10,7 @@ Conflicts=shutdown.target
 ExecStartPre=@libexecdir@/sssd/sssd_check_socket_activated_responders -r sudo
 ListenStream=@pipepath@/sudo
 SocketUser=@SSSD_USER@
-SocketGroup=@SSSD_USER@
-SocketMode=0600
+SocketMode=0660
 
 [Install]
 WantedBy=sssd.service
-- 
2.14.4
rpms / sssd

Source Code

Files
