From a4bf7ab0f8ece33947a8dae739c9f677e63854dd Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov
Date: Tue, 20 Feb 2024 20:50:28 +0100
Subject: [PATCH] SSSDConfig: chown() sssd.conf to SSSD service user
---
 src/config/SSSDConfig/__init__.py.in | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 225b92fdc95..006e20903e8 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -6,7 +6,10 @@ Created on Sep 18, 2009
 import os
 import re
+import shutil
+import subprocess
 import sys
+from contextlib import suppress
 from .sssdoptions import SSSDOptions
 from .ipachangeconf import SSSDChangeConf
@@ -1063,6 +1066,14 @@ class SSSDConfig(SSSDChangeConf):
 output = self.dump(self.opts)
 of.write(output)
 os.umask(old_umask)
+ service_user = ""
+ ret = subprocess.run(["systemctl", "show", "sssd", "--value", "--property", "User"], capture_output=True, text=True)
+ if ret.returncode == 0:
+ service_user = ret.stdout.strip()
+ if service_user == "":
+ service_user = "root"
+ with suppress(PermissionError):
+ shutil.chown(outputfile, service_user, service_user)
 def list_active_services(self):
 """
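Review bot: In the second hunk, `shutil.chown(outputfile, service_user, service_user)` re-owns the file by path after the write and follows symlinks, so if the directory holding `outputfile` is writable by a non-root account (not visible in this hunk) the ownership change can land on a file other than the one just written. Resolving the account with `pwd.getpwnam()` and calling `os.chown(..., follow_symlinks=False)` avoids that, and it uses the account's primary group instead of assuming a group named like the user exists. Two failures are also unhandled in the added lines: `subprocess.run` raises `FileNotFoundError` when `systemctl` is not installed, and `shutil.chown` raises `LookupError` for an unknown user or group, so the method can raise after the configuration has already been written. The sketch below needs `import pwd` at the top of the file; the enclosing method starts outside the hunk.

```python
        os.umask(old_umask)
        service_user = "root"
        try:
            ret = subprocess.run(["systemctl", "show", "sssd", "--value", "--property", "User"],
                                 capture_output=True, text=True)
        except OSError:
            ret = None  # systemctl not available (container, build root): keep "root"
        if ret is not None and ret.returncode == 0 and ret.stdout.strip():
            service_user = ret.stdout.strip()
        # KeyError: the account reported by systemd is not known to NSS
        with suppress(PermissionError, KeyError):
            owner = pwd.getpwnam(service_user)
            # Do not follow a symlink at this path; only the entry itself is re-owned.
            os.chown(outputfile, owner.pw_uid, owner.pw_gid, follow_symlinks=False)
```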