SYSTEMD: chown() sssd.conf in service file

SSSD · May 2, 2024 · 346a808 · 346a808
1 parent aff84d9
commit 346a808
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/src/sysv/systemd/sssd-kcm.service.in b/src/sysv/systemd/sssd-kcm.service.in
@@ -9,6 +9,8 @@ Also=sssd-kcm.socket
 
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
+ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ /etc/sssd/sssd.conf
+ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ /etc/sssd/conf.d
 ExecStart=@libexecdir@/sssd/sssd_kcm ${DEBUG_LOGGER}
 CapabilityBoundingSet= CAP_DAC_OVERRIDE CAP_CHOWN CAP_SETGID CAP_SETUID
 SecureBits=noroot noroot-locked

diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in
@@ -10,6 +10,9 @@ StartLimitBurst=5
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
+ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ /etc/sssd/sssd.conf
+ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ /etc/sssd/conf.d
+ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ /etc/sssd/pki
 ExecStart=@sbindir@/sssd -i ${DEBUG_LOGGER}
 Type=notify
 NotifyAccess=main