From cd81b92c7b1ab5e803e9934e8aebd357285c63ff Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Wed, 7 Feb 2024 21:15:11 +0100
Subject: [PATCH] SPEC: make conf folder g+rx

so that SSSD built --with-sssd-user=sssd but run under 'root' can get
to sssd.conf without capabilities (using "SupplementaryGroups=sssd")

sssd.conf still needs to be chown'ed to 'root:root' manually in this
case.
---
 contrib/sssd.spec.in | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 58be3c240be..d03c3a0e1bd 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -791,9 +791,9 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con
 %attr(775,%{sssd_user},%{sssd_user}) %dir %{pubconfpath}
 %attr(770,%{sssd_user},%{sssd_user}) %dir %{gpocachepath}
 %attr(770,%{sssd_user},%{sssd_user}) %dir %{_var}/log/%{name}
-%attr(700,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd
-%attr(700,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd/conf.d
-%attr(700,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd/pki
+%attr(750,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd
+%attr(750,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd/conf.d
+%attr(750,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd/pki
 %ghost %attr(0600,%{sssd_user},%{sssd_user}) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
 %dir %{_sysconfdir}/logrotate.d
 %config(noreplace) %{_sysconfdir}/logrotate.d/sssd