Skip to content

Commit

Permalink
SPEC: make most folders group accessible
Browse files Browse the repository at this point in the history
This allows to replace a bunch of chown() (requiring CAP_CHOWN) and
the need for CAP_DAC_OVERRIDE with single addition of supplementary group
  • Loading branch information
alexey-tikhonov committed Sep 4, 2023
1 parent 944a633 commit 5054056
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions contrib/sssd.spec.in
Original file line number Diff line number Diff line change
Expand Up @@ -761,18 +761,18 @@ done

%dir %{sssdstatedir}
%dir %{_localstatedir}/cache/krb5rcache
%attr(700,%{sssd_user},%{sssd_user}) %dir %{dbpath}
%attr(770,%{sssd_user},%{sssd_user}) %dir %{dbpath}
%attr(775,%{sssd_user},%{sssd_user}) %dir %{mcpath}
%attr(700,root,root) %dir %{secdbpath}
%attr(751,%{sssd_user},%{sssd_user}) %dir %{deskprofilepath}
%ghost %attr(0664,%{sssd_user},%{sssd_user}) %verify(not md5 size mtime) %{mcpath}/passwd
%ghost %attr(0664,%{sssd_user},%{sssd_user}) %verify(not md5 size mtime) %{mcpath}/group
%ghost %attr(0664,%{sssd_user},%{sssd_user}) %verify(not md5 size mtime) %{mcpath}/initgroups
%attr(755,%{sssd_user},%{sssd_user}) %dir %{pipepath}
%attr(750,%{sssd_user},root) %dir %{pipepath}/private
%attr(755,%{sssd_user},%{sssd_user}) %dir %{pubconfpath}
%attr(750,%{sssd_user},%{sssd_user}) %dir %{gpocachepath}
%attr(750,%{sssd_user},%{sssd_user}) %dir %{_var}/log/%{name}
%attr(775,%{sssd_user},%{sssd_user}) %dir %{pipepath}
%attr(770,%{sssd_user},root) %dir %{pipepath}/private
%attr(775,%{sssd_user},%{sssd_user}) %dir %{pubconfpath}
%attr(770,%{sssd_user},%{sssd_user}) %dir %{gpocachepath}
%attr(770,%{sssd_user},%{sssd_user}) %dir %{_var}/log/%{name}
%attr(700,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd
%attr(700,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd/conf.d
%attr(700,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd/pki
Expand Down

0 comments on commit 5054056

Please sign in to comment.