From 4ddcf73562f7497274d7bde731aedd2353a84ff5 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov
Date: Thu, 9 May 2024 14:02:35 +0200
Subject: [PATCH] SYSTEMD: don't chown() logs

Reconfiguration of SSSD service user should be exceptionally rare event, so it's reasonable to expect that administrator should also wipe artifacts (logs, ldb-cache) manually in this case, so keeping chown()-s in service file isn't justified.
---
 src/sysv/systemd/sssd-autofs.service.in | 1 -
 src/sysv/systemd/sssd-ifp.service.in | 1 -
 src/sysv/systemd/sssd-nss.service.in | 1 -
 src/sysv/systemd/sssd-pac.service.in | 1 -
 src/sysv/systemd/sssd-pam.service.in | 1 -
 src/sysv/systemd/sssd-ssh.service.in | 1 -
 src/sysv/systemd/sssd-sudo.service.in | 1 -
 7 files changed, 7 deletions(-)

diff --git a/src/sysv/systemd/sssd-autofs.service.in b/src/sysv/systemd/sssd-autofs.service.in
index 1c4cb02bbc7..0fa24b2471a 100644
--- a/src/sysv/systemd/sssd-autofs.service.in
+++ b/src/sysv/systemd/sssd-autofs.service.in
@@ -11,7 +11,6 @@ Also=sssd-autofs.socket
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
-ExecStartPre=+-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_autofs.log
 ExecStart=@libexecdir@/sssd/sssd_autofs ${DEBUG_LOGGER} --socket-activated
 # No capabilities:
 CapabilityBoundingSet=
diff --git a/src/sysv/systemd/sssd-ifp.service.in b/src/sysv/systemd/sssd-ifp.service.in
index 39e9d23d1ab..1ab163392f5 100644
--- a/src/sysv/systemd/sssd-ifp.service.in
+++ b/src/sysv/systemd/sssd-ifp.service.in
@@ -9,7 +9,6 @@ Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
 Type=dbus
 BusName=org.freedesktop.sssd.infopipe
-ExecStartPre=+-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_ifp.log
 ExecStart=@libexecdir@/sssd/sssd_ifp ${DEBUG_LOGGER} --socket-activated
 # No capabilities:
 CapabilityBoundingSet=
diff --git a/src/sysv/systemd/sssd-nss.service.in b/src/sysv/systemd/sssd-nss.service.in
index 3da897c4d65..bea93d192a5 100644
--- a/src/sysv/systemd/sssd-nss.service.in
+++ b/src/sysv/systemd/sssd-nss.service.in
@@ -11,7 +11,6 @@ Also=sssd-nss.socket
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
-ExecStartPre=+-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_nss.log
 ExecStart=@libexecdir@/sssd/sssd_nss ${DEBUG_LOGGER} --socket-activated
 # No capabilities:
 CapabilityBoundingSet=
diff --git a/src/sysv/systemd/sssd-pac.service.in b/src/sysv/systemd/sssd-pac.service.in
index 57359a98f6c..c2420c143f0 100644
--- a/src/sysv/systemd/sssd-pac.service.in
+++ b/src/sysv/systemd/sssd-pac.service.in
@@ -11,7 +11,6 @@ Also=sssd-pac.socket
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
-ExecStartPre=+-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_pac.log
 ExecStart=@libexecdir@/sssd/sssd_pac ${DEBUG_LOGGER} --socket-activated
 # No capabilities:
 CapabilityBoundingSet=
diff --git a/src/sysv/systemd/sssd-pam.service.in b/src/sysv/systemd/sssd-pam.service.in
index 2fececccac1..a4a051ba606 100644
--- a/src/sysv/systemd/sssd-pam.service.in
+++ b/src/sysv/systemd/sssd-pam.service.in
@@ -11,7 +11,6 @@ Also=sssd-pam.socket
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
-ExecStartPre=+-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_pam.log @logpath@/p11_child.log
 ExecStart=@libexecdir@/sssd/sssd_pam ${DEBUG_LOGGER} --socket-activated
 # No capabilities:
 CapabilityBoundingSet=
diff --git a/src/sysv/systemd/sssd-ssh.service.in b/src/sysv/systemd/sssd-ssh.service.in
index e0ca06e7143..dc1f46d1ee6 100644
--- a/src/sysv/systemd/sssd-ssh.service.in
+++ b/src/sysv/systemd/sssd-ssh.service.in
@@ -11,7 +11,6 @@ Also=sssd-ssh.socket
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
-ExecStartPre=+-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_ssh.log @logpath@/p11_child.log
 ExecStart=@libexecdir@/sssd/sssd_ssh ${DEBUG_LOGGER} --socket-activated
 # No capabilities:
 CapabilityBoundingSet=
diff --git a/src/sysv/systemd/sssd-sudo.service.in b/src/sysv/systemd/sssd-sudo.service.in
index fbf195031d0..f2d104ad419 100644
--- a/src/sysv/systemd/sssd-sudo.service.in
+++ b/src/sysv/systemd/sssd-sudo.service.in
@@ -11,7 +11,6 @@ Also=sssd-sudo.socket
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
-ExecStartPre=+-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_sudo.log
 ExecStart=@libexecdir@/sssd/sssd_sudo ${DEBUG_LOGGER} --socket-activated
 # No capabilities:
 CapabilityBoundingSet=