Skip to content

Commit

Permalink
SYSTEMD: CAP_CHOWN isn't needed anymore
Browse files Browse the repository at this point in the history
  • Loading branch information
alexey-tikhonov committed Jan 30, 2024
1 parent 733ffd7 commit 0d74539
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/sysv/systemd/sssd.service.in
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ PIDFile=@pidpath@/sssd.pid
# Currently main SSSD process ('sssd') always runs under 'root'
# ('User=' and 'Group=' defaults to 'root' for system services)
# 'CapabilityBoundingSet' is used to limit privileges set:
CapabilityBoundingSet= @additional_caps@ CAP_CHOWN CAP_KILL CAP_SETGID CAP_SETUID
CapabilityBoundingSet= @additional_caps@ CAP_KILL CAP_SETGID CAP_SETUID
Restart=on-abnormal
@supplementary_groups@

Expand Down

0 comments on commit 0d74539

Please sign in to comment.