From e4ae4d6129e85fe99bbb82438ed90352400ecdf3 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Fri, 26 Jul 2024 15:55:01 +0200
Subject: [PATCH] BUILD: configure logrotate to work with non-root-group
 writable folder
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Otherwise logrotate complains:
```
error: skipping "/var/log/sssd/sssd_kcm.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
```

See https://bugzilla.redhat.com/show_bug.cgi?id=2299733 for details

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
 Makefile.am                              | 1 +
 configure.ac                             | 1 +
 src/examples/{logrotate => logrotate.in} | 1 +
 3 files changed, 3 insertions(+)
 rename src/examples/{logrotate => logrotate.in} (90%)

diff --git a/Makefile.am b/Makefile.am
index f4cadee6f3a..82e0c5882a3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -5706,6 +5706,7 @@ endif
 	rm -f $(builddir)/src/sysv/systemd/sssd-kcm.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-kcm.service
 	rm -f $(builddir)/src/tools/wrappers/sss_debuglevel
+	rm -Rf $(builddir)/src/examples
 	rm -Rf $(builddir)/contrib
 
 CLEANFILES += *.X */*.X */*/*.X
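Review bot: The added `rm -Rf $(builddir)/src/examples` deletes the whole directory, while the `rm -f` lines just above it each name a single generated file. The recipe's target and any condition restricting it to out-of-tree builds begin above the hunk, so it is not visible here whether this can run with `$(builddir)` equal to `$(srcdir)`. If it can, the tracked `src/examples/logrotate.in` template would be removed together with the generated output. The existing `rm -Rf $(builddir)/contrib` line suggests such a guard exists, but that should be confirmed. If the directory form is not required, `rm -f $(builddir)/src/examples/logrotate` limits the cleanup to the file this change starts generating.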
diff --git a/configure.ac b/configure.ac
index 105d77a4d92..380c16ba80a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -563,6 +563,7 @@ AC_DEFINE_UNQUOTED([ABS_SRC_DIR], ["$my_srcdir"], [Absolute path to the source d
 AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config
                  contrib/sssd-pcsc.rules contrib/90-sssd-token-access.rules
                  contrib/sssd-tmpfiles.conf
+                 src/examples/logrotate
                  src/sysv/sssd src/sysv/gentoo/sssd src/sysv/gentoo/sssd-kcm
                  po/Makefile.in src/man/Makefile src/tests/cwrap/Makefile
                  src/tests/intg/Makefile src/tests/test_CA/Makefile
diff --git a/src/examples/logrotate b/src/examples/logrotate.in
similarity index 90%
rename from src/examples/logrotate
rename to src/examples/logrotate.in
index 6e769451ce5..0421946a2dc 100644
--- a/src/examples/logrotate
+++ b/src/examples/logrotate.in
@@ -6,6 +6,7 @@
     rotate 2
     compress
     delaycompress
+    su @SSSD_USER@ @SSSD_USER@
     postrotate
         /bin/kill -HUP `cat /var/run/sssd.pid 2>/dev/null` 2> /dev/null || true
         /bin/pkill -HUP sssd_kcm 2> /dev/null || true
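Review bot: The group argument of the new `su @SSSD_USER@ @SSSD_USER@` line reuses the user substitution, so the generated file assumes a group with the same name as the service account exists and is the group that can write to the log directory. That holds when the value is `root`, but for any other account it is an unstated packaging requirement, and a mismatch would make rotation fail again. Whether configure exposes a separate group substitution is not visible in this patch. The directive should at least carry its rationale and assumption, for example `# log dir is writable by the SSSD service account: rotate with its privileges, not root's` and `# assumes a group named like the service user exists`. The stanza header naming the log path is above the hunk.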