SYSTEMD: chown() sssd.conf in service file

Reviewed-by: Iker Pedrosa <[email protected]> Reviewed-by: Justin Stephenson <[email protected]> Reviewed-by: Sumit Bose <[email protected]>
SSSD · May 13, 2024 · 7bab236 · 7bab236
1 parent ca684cd
commit 7bab236
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 1 deletion.
diff --git a/Makefile.am b/Makefile.am
@@ -5309,7 +5309,8 @@ edit_cmd = $(SED) \
         -e 's|@capabilities[@]|$(capabilities)|g' \
         -e 's|@nss_service_user_group[@]|$(nss_service_user_group)|g' \
         -e 's|@nss_socket_user_group[@]|$(nss_socket_user_group)|g' \
-        -e 's|@supplementary_groups[@]|$(supplementary_groups)|g'
+        -e 's|@supplementary_groups[@]|$(supplementary_groups)|g' \
+        -e 's|@sssdconfdir[@]|$(sssdconfdir)|g'
 
 replace_script = \
     @rm -f $@ $@.tmp; \

diff --git a/src/sysv/systemd/sssd-kcm.service.in b/src/sysv/systemd/sssd-kcm.service.in
@@ -9,6 +9,8 @@ Also=sssd-kcm.socket
 
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
+ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/sssd.conf
+ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/conf.d
 ExecStart=@libexecdir@/sssd/sssd_kcm ${DEBUG_LOGGER}
 CapabilityBoundingSet= CAP_DAC_OVERRIDE CAP_CHOWN CAP_SETGID CAP_SETUID
 SecureBits=noroot noroot-locked

diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in
@@ -10,6 +10,9 @@ StartLimitBurst=5
 [Service]
 Environment=DEBUG_LOGGER=--logger=files
 EnvironmentFile=-@environment_file@
+ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/sssd.conf
+ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/conf.d
+ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/pki
 ExecStart=@sbindir@/sssd -i ${DEBUG_LOGGER}
 Type=notify
 NotifyAccess=main