Add and document ability to run saslauth as non-root user, revert previous solution (#1189203)
parent
25b0bbbdb6
commit
af2b298796
33
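--- a/cyrus-sasl-2.1.26-saslauthd-user.patch
+++ b/cyrus-sasl-2.1.26-saslauthd-user.patch
@@ -0,0 +1,33 @@
+diff --git a/saslauthd/saslauthd.mdoc b/saslauthd/saslauthd.mdoc
+index 37c6f6e..5b635ab 100644
+--- a/saslauthd/saslauthd.mdoc
++++ b/saslauthd/saslauthd.mdoc
+@@ -44,7 +44,27 @@ multi-user mode. When running against a protected authentication
+database (e.g. the
+.Li shadow
+mechanism),
+-it must be run as the superuser.
++it must be run as the superuser. Otherwise it is recommended to run
++daemon unprivileged as saslauth:saslauth. You can do so by following
++these steps:
++.Bl -enum -compact
++.It
++create directory
++.Pa /etc/systemd/system/saslauthd.service.d/
++.It
++create file
++.Pa /etc/systemd/system/saslauthd.service.d/user.conf
++with content
++.Bd -literal
++[Service]
++User=saslauth
++Group=saslauth
+++
++.Ed
++.It
++Reload systemd service file: run
++.Dq systemctl daemon-reload
++.El
+.Ss Options
+Options named by lower\-case letters configure the server itself.
+Upper\-case options control the behavior of specific authentication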
@ -58,6 +58,8 @@ Patch53: cyrus-sasl-2.1.26-prefer-SCRAM-SHA-1-over-PLAIN.patch
|
||||
Patch54: cyrus-sasl-2.1.26-sample-leak.patch
|
||||
# Do not leak memory memory leak in plugin_common.c for password callback (#1191183)
|
||||
Patch55: cyrus-sasl-2.1.26-leak-callback-plugin_common.patch
|
||||
# Document ability to run saslauthd unprivileged (#1189203)
|
||||
Patch56: cyrus-sasl-2.1.26-saslauthd-user.patch
|
||||
|
||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
|
||||
@ -204,6 +206,7 @@ chmod -x include/*.h
|
||||
%patch53 -p1 -b .sha1vsplain
|
||||
%patch54 -p1 -b .leak
|
||||
%patch55 -p1 -b .password-callback
|
||||
%patch56 -p1 -b .man-unprivileged
|
||||
|
||||
|
||||
%build
|
||||
@ -378,7 +381,7 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir}
|
||||
%config(noreplace) /etc/sysconfig/saslauthd
|
||||
%{_unitdir}/saslauthd.service
|
||||
%{_tmpfilesdir}/saslauthd.conf
|
||||
%dir %attr(-, saslauth, saslauth) /run/saslauthd
|
||||
%dir %attr(0775, root, saslauth) /run/saslauthd
|
||||
|
||||
%files lib
|
||||
%defattr(-,root,root)
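Review bot: The new `%dir %attr(0775, root, saslauth) /run/saslauthd` entry makes the directory group-writable with no sticky bit and keeps it world-traversable, and nothing in the spec says why that mode was chosen. Any member of group saslauth can create, rename or remove entries there, presumably including the daemon's socket and pid file, and every local account can still reach whatever is created inside, so access control rests entirely on the modes of the files themselves. I would add a comment above the entry such as `# root-owned, group-writable so saslauthd can create its runtime files when started as saslauth:saslauth (#1189203)` and check whether `other` needs any access at all. The tmpfiles.d line `d /run/saslauthd 0775 root saslauth -` carries the same mode and ownership, so the two must be changed together.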
|
||||
|
@ -1 +1 @@
|
||||
d /run/saslauthd 0755 saslauth saslauth -
|
||||
d /run/saslauthd 0775 root saslauth -
|
||||
|