diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 042e66260c9..d137c092cdb 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -1057,6 +1057,7 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us %__chown %{sssd_user}:%{sssd_user} %{dbpath}/* %__chown %{sssd_user}:%{sssd_user} %{_sysconfdir}/sssd/sssd.conf %__chown -R %{sssd_user}:%{sssd_user} %{_sysconfdir}/sssd/conf.d +%__chown %{sssd_user}:%{sssd_user} %{_var}/log/%{name}/*.log %preun common %systemd_preun sssd.service diff --git a/src/sysv/systemd/sssd-nss.service.in b/src/sysv/systemd/sssd-nss.service.in index bea93d192a5..3da897c4d65 100644 --- a/src/sysv/systemd/sssd-nss.service.in +++ b/src/sysv/systemd/sssd-nss.service.in @@ -11,6 +11,7 @@ Also=sssd-nss.socket [Service] Environment=DEBUG_LOGGER=--logger=files EnvironmentFile=-@environment_file@ +ExecStartPre=+-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_nss.log ExecStart=@libexecdir@/sssd/sssd_nss ${DEBUG_LOGGER} --socket-activated # No capabilities: CapabilityBoundingSet=