From d140aa913a0aad28b151c79f4c6f7ff5d8fee6c9 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 5 Aug 2014 13:53:20 +0200 Subject: [PATCH 25/46] RPM: Change file ownership to sssd.sssd Adds a private SSSD user in the %pre section of SSSD specfile. Also changes the ownership of SSSD private directories to sssd.sssd. Does not change the configure time default, so SSSD will still run as root. The file and directory ownership does not widen, because the directories are still only accessible by the private user (whose shell is /sbin/nologin) and of course the root user. Reviewed-by: Pavel Reichl Reviewed-by: Simo Sorce (cherry picked from commit fa24dabfd480e1ce346009336c7979ab59520c44)
---
 contrib/sssd.spec.in | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index e5de4c44c4b4982f6819af363fdb8a32930f6137..db3bbcb09d6b27ca785f511ce6414fbeaaf445c6 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -604,17 +604,17 @@ rm -rf $RPM_BUILD_ROOT
 %dir %{sssdstatedir}
 %dir %{_localstatedir}/cache/krb5rcache
-%attr(700,root,root) %dir %{dbpath}
-%attr(755,root,root) %dir %{mcpath}
-%ghost %attr(0644,root,root) %verify(not md5 size mtime) %{mcpath}/passwd
-%ghost %attr(0644,root,root) %verify(not md5 size mtime) %{mcpath}/group
-%attr(755,root,root) %dir %{pipepath}
-%attr(755,root,root) %dir %{pubconfpath}
-%attr(755,root,root) %dir %{gpocachepath}
-%attr(700,root,root) %dir %{pipepath}/private
-%attr(750,root,root) %dir %{_var}/log/%{name}
-%attr(711,root,root) %dir %{_sysconfdir}/sssd
-%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
+%attr(700,sssd,sssd) %dir %{dbpath}
+%attr(755,sssd,sssd) %dir %{mcpath}
+%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd
+%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group
+%attr(755,sssd,sssd) %dir %{pipepath}
+%attr(755,sssd,sssd) %dir %{pubconfpath}
+%attr(755,sssd,sssd) %dir %{gpocachepath}
+%attr(700,sssd,sssd) %dir %{pipepath}/private
+%attr(750,sssd,sssd) %dir %{_var}/log/%{name}
+%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd
+%ghost %attr(0600,sssd,sssd) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
 %if (0%{?use_systemd} == 1)
 %attr(755,root,root) %dir %{_sysconfdir}/systemd/system/sssd.service.d
 %config(noreplace) %{_sysconfdir}/systemd/system/sssd.service.d/journal.conf
@@ -803,6 +803,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/%{name}/modules/libwbclient.so
 %{_libdir}/pkgconfig/wbclient_sssd.pc
+%pre common
+getent group sssd >/dev/null || groupadd -r sssd
+getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
+
 %if (0%{?use_systemd} == 1)
 # systemd
 %post common
-- 
1.9.3
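Review bot: The last two added lines of the first hunk give the service account write access to configuration that a root process parses: `%{_sysconfdir}/sssd` and `sssd.conf` become sssd-owned while, per the commit message, the daemon still runs as root by default. Anything that later runs as sssd could then rewrite sssd.conf and influence the root-run daemon, which is a wider trust boundary than the previous root-only ownership. Consider keeping root as the owner and granting the group read access instead, e.g. `%attr(711,root,sssd) %dir %{_sysconfdir}/sssd` and `%ghost %attr(0640,root,sssd) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf`. Whether the daemon's own ownership check on the config file accepts that is not visible in this patch and should be confirmed.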
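Review bot: The new `%pre common` scriptlet in the second hunk calls `getent`, `groupadd` and `useradd`, but the commit adds no matching install-time dependency; the diffstat's 15 insertions are all accounted for by the ownership lines and this scriptlet. Unless the common subpackage already declares it outside these hunks, add `Requires(pre): shadow-utils` so the tools are present before the scriptlet runs. Otherwise account creation can fail on a fresh install and the sssd-owned paths in the files list may not get their intended owner. A comment above the scriptlet such as `# Reuses an existing sssd user/group as-is; it must be a local system account with a nologin shell` would also help, because the `getent` guards accept any account of that name.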