rpms/sssd
5
0
Fork 0
Code Issues Pull Requests Releases Activity
c134d235f6
sssd/0004-SYSTEMD-SERVICE-use-no-dereference-for-chown.patch
Alexey Tikhonov 116f075756 Resolves: RHEL-62725 - Rebase SSSD for RHEL 10.0
2024-12-18 16:59:37 +01:00

56 lines
2.5 KiB
Diff
Raw Blame History

From 97629f36becb8acf7ed9de82f4d2649aa45098f9 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Fri, 6 Dec 2024 20:03:16 +0100
Subject: [PATCH] SYSTEMD SERVICE: use "--no-dereference" for 'chown'
to avoid following accidential symbolic links in those dirs.
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit a20fa0ffd6cb61bc164f52403f396cce6de8b2ea)
---
src/sysv/systemd/sssd-kcm.service.in | 6 +++---
src/sysv/systemd/sssd.service.in | 8 ++++----
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/sysv/systemd/sssd-kcm.service.in b/src/sysv/systemd/sssd-kcm.service.in
index 3e48945aa..088611254 100644
--- a/src/sysv/systemd/sssd-kcm.service.in
+++ b/src/sysv/systemd/sssd-kcm.service.in
@@ -9,10 +9,10 @@ Also=sssd-kcm.socket
[Service]
Environment=DEBUG_LOGGER=--logger=files
-ExecStartPre=+-/bin/chown -f -R root:@SSSD_USER@ @sssdconfdir@
+ExecStartPre=+-/bin/chown -f -R -h root:@SSSD_USER@ @sssdconfdir@
ExecStartPre=+-/bin/chmod -f -R g+r @sssdconfdir@
-ExecStartPre=+-/bin/sh -c "/bin/chown -f @SSSD_USER@:@SSSD_USER@ @secdbpath@/*.ldb"
-ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_kcm.log
+ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @secdbpath@/*.ldb"
+ExecStartPre=+-/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_kcm.log
ExecStart=@libexecdir@/sssd/sssd_kcm ${DEBUG_LOGGER}
CapabilityBoundingSet= CAP_DAC_READ_SEARCH CAP_SETGID CAP_SETUID
SecureBits=noroot noroot-locked
diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in
index 4f3cd24ff..441e35f6f 100644
--- a/src/sysv/systemd/sssd.service.in
+++ b/src/sysv/systemd/sssd.service.in
@@ -10,11 +10,11 @@ StartLimitBurst=5
[Service]
Environment=DEBUG_LOGGER=--logger=files
EnvironmentFile=-@environment_file@
-ExecStartPre=+-/bin/chown -f -R root:@SSSD_USER@ @sssdconfdir@
+ExecStartPre=+-/bin/chown -f -R -h root:@SSSD_USER@ @sssdconfdir@
ExecStartPre=+-/bin/chmod -f -R g+r @sssdconfdir@
-ExecStartPre=+-/bin/sh -c "/bin/chown -f @SSSD_USER@:@SSSD_USER@ @dbpath@/*.ldb"
-ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ @gpocachepath@
-ExecStartPre=+-/bin/sh -c "/bin/chown -f @SSSD_USER@:@SSSD_USER@ @logpath@/*.log"
+ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @dbpath@/*.ldb"
+ExecStartPre=+-/bin/chown -f -R -h @SSSD_USER@:@SSSD_USER@ @gpocachepath@
+ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @logpath@/*.log"
ExecStart=@sbindir@/sssd -i ${DEBUG_LOGGER}
Type=notify
NotifyAccess=main
--
2.47.0
Reference in New Issue View Git Blame Copy Permalink