From 5531e1de5be2a5b0be1f016e36d5a4ee8a551845 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov
Date: Thu, 9 May 2024 14:02:35 +0200
Subject: [PATCH] SYSTEMD: don't chown() logs

Reconfiguration of SSSD service user should be exceptionally rare event, so it's reasonable to expect that administrator should also wipe artifacts (logs, ldb-cache) manually in this case, so keeping chown()-s in service file isn't justified.

:packaging: systemd service files for socket activated responders don't chown() logs anymore. chown() happens once during package update. In case of reconfiguration of SSSD service user after installation, logs files and ldb-cache files should be deleted or chown()-ed manually.

Reviewed-by: Iker Pedrosa
Reviewed-by: Justin Stephenson
Reviewed-by: Sumit Bose
---
 src/sysv/systemd/sssd-autofs.service.in | 1 -
 src/sysv/systemd/sssd-ifp.service.in | 1 -
 src/sysv/systemd/sssd-nss.service.in | 1 -
 src/sysv/systemd/sssd-pac.service.in | 1 -
 src/sysv/systemd/sssd-pam.service.in | 1 -
 src/sysv/systemd/sssd-ssh.service.in | 1 -
 src/sysv/systemd/sssd-sudo.service.in | 1 -
 7 files changed, 7 deletions(-)

diff --git a/src/sysv/systemd/sssd-autofs.service.in b/src/sysv/systemd/sssd-autofs.service.in
index 1c4cb02bbc7..0fa24b2471a 100644
--- a/src/sysv/systemd/sssd-autofs.service.in
+++ b/src/sysv/systemd/sssd-autofs.service.in
@@ -11,7 +11,6 @@ Also=sssd-autofs.socket
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
-ExecStartPre=+-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_autofs.log
 ExecStart=@libexecdir@/sssd/sssd_autofs ${DEBUG_LOGGER} --socket-activated
 # No capabilities:
 CapabilityBoundingSet=
diff --git a/src/sysv/systemd/sssd-ifp.service.in b/src/sysv/systemd/sssd-ifp.service.in
index 39e9d23d1ab..1ab163392f5 100644
--- a/src/sysv/systemd/sssd-ifp.service.in
+++ b/src/sysv/systemd/sssd-ifp.service.in
@@ -9,7 +9,6 @@ Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
 Type=dbus
 BusName=org.freedesktop.sssd.infopipe
-ExecStartPre=+-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_ifp.log
 ExecStart=@libexecdir@/sssd/sssd_ifp ${DEBUG_LOGGER} --socket-activated
 # No capabilities:
 CapabilityBoundingSet=
diff --git a/src/sysv/systemd/sssd-nss.service.in b/src/sysv/systemd/sssd-nss.service.in
index 3da897c4d65..bea93d192a5 100644
--- a/src/sysv/systemd/sssd-nss.service.in
+++ b/src/sysv/systemd/sssd-nss.service.in
@@ -11,7 +11,6 @@ Also=sssd-nss.socket
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
-ExecStartPre=+-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_nss.log
 ExecStart=@libexecdir@/sssd/sssd_nss ${DEBUG_LOGGER} --socket-activated
 # No capabilities:
 CapabilityBoundingSet=
diff --git a/src/sysv/systemd/sssd-pac.service.in b/src/sysv/systemd/sssd-pac.service.in
index 57359a98f6c..c2420c143f0 100644
--- a/src/sysv/systemd/sssd-pac.service.in
+++ b/src/sysv/systemd/sssd-pac.service.in
@@ -11,7 +11,6 @@ Also=sssd-pac.socket
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
-ExecStartPre=+-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_pac.log
 ExecStart=@libexecdir@/sssd/sssd_pac ${DEBUG_LOGGER} --socket-activated
 # No capabilities:
 CapabilityBoundingSet=
diff --git a/src/sysv/systemd/sssd-pam.service.in b/src/sysv/systemd/sssd-pam.service.in
index 2fececccac1..a4a051ba606 100644
--- a/src/sysv/systemd/sssd-pam.service.in
+++ b/src/sysv/systemd/sssd-pam.service.in
@@ -11,7 +11,6 @@ Also=sssd-pam.socket
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
-ExecStartPre=+-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_pam.log @logpath@/p11_child.log
 ExecStart=@libexecdir@/sssd/sssd_pam ${DEBUG_LOGGER} --socket-activated
 # No capabilities:
 CapabilityBoundingSet=
diff --git a/src/sysv/systemd/sssd-ssh.service.in b/src/sysv/systemd/sssd-ssh.service.in
index e0ca06e7143..dc1f46d1ee6 100644
--- a/src/sysv/systemd/sssd-ssh.service.in
+++ b/src/sysv/systemd/sssd-ssh.service.in
@@ -11,7 +11,6 @@ Also=sssd-ssh.socket
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
-ExecStartPre=+-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_ssh.log @logpath@/p11_child.log
 ExecStart=@libexecdir@/sssd/sssd_ssh ${DEBUG_LOGGER} --socket-activated
 # No capabilities:
 CapabilityBoundingSet=
diff --git a/src/sysv/systemd/sssd-sudo.service.in b/src/sysv/systemd/sssd-sudo.service.in
index fbf195031d0..f2d104ad419 100644
--- a/src/sysv/systemd/sssd-sudo.service.in
+++ b/src/sysv/systemd/sssd-sudo.service.in
@@ -11,7 +11,6 @@ Also=sssd-sudo.socket
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
-ExecStartPre=+-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_sudo.log
 ExecStart=@libexecdir@/sssd/sssd_sudo ${DEBUG_LOGGER} --socket-activated
 # No capabilities:
 CapabilityBoundingSet=