sssd/0001-BUILD-configure-logrotate-to-work-with-non-root-grou.patch
Alexey Tikhonov a710ab4b85 Resolves: RHEL-51891 - [RHEL-10]logrotate.service fails to start because /var/log/sssd has insecure permission
Resolves: RHEL-52400 - SYSDB: remove index on dataExpireTimestamp [rhel-10]
Resolves: RHEL-50243 - Please install sssd-polkit-rules by default
2024-08-02 12:52:18 +02:00


From e4ae4d6129e85fe99bbb82438ed90352400ecdf3 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Fri, 26 Jul 2024 15:55:01 +0200
Subject: [PATCH] BUILD: configure logrotate to work with non-root-group
writable folder
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Otherwise logrotate complains:
```
error: skipping "/var/log/sssd/sssd_kcm.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
```
See https://bugzilla.redhat.com/show_bug.cgi?id=2299733 for details
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
Makefile.am | 1 +
configure.ac | 1 +
src/examples/{logrotate => logrotate.in} | 1 +
3 files changed, 3 insertions(+)
rename src/examples/{logrotate => logrotate.in} (90%)
diff --git a/Makefile.am b/Makefile.am
index f4cadee6f..82e0c5882 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -5706,6 +5706,7 @@ endif
rm -f $(builddir)/src/sysv/systemd/sssd-kcm.socket
rm -f $(builddir)/src/sysv/systemd/sssd-kcm.service
rm -f $(builddir)/src/tools/wrappers/sss_debuglevel
+ rm -Rf $(builddir)/src/examples
rm -Rf $(builddir)/contrib
CLEANFILES += *.X */*.X */*/*.X
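Review bot: the added `rm -Rf $(builddir)/src/examples` removes the whole directory rather than the one file this patch starts generating. The neighbouring lines delete individual generated files with `rm -f`, and `src/examples` now holds the source template `logrotate.in`, so if this rule can ever run with `$(builddir)` equal to `$(srcdir)` it deletes tracked sources. Unless the enclosing rule is guarded for out-of-tree builds only (no guard is visible in this hunk), prefer removing the generated files by name, e.g. `rm -f $(builddir)/src/examples/logrotate`.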
diff --git a/configure.ac b/configure.ac
index 105d77a4d..380c16ba8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -563,6 +563,7 @@ AC_DEFINE_UNQUOTED([ABS_SRC_DIR], ["$my_srcdir"], [Absolute path to the source d
AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config
contrib/sssd-pcsc.rules contrib/90-sssd-token-access.rules
contrib/sssd-tmpfiles.conf
+ src/examples/logrotate
src/sysv/sssd src/sysv/gentoo/sssd src/sysv/gentoo/sssd-kcm
po/Makefile.in src/man/Makefile src/tests/cwrap/Makefile
src/tests/intg/Makefile src/tests/test_CA/Makefile
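Review bot: with `src/examples/logrotate` added to `AC_CONFIG_FILES`, the file exists only in the build tree after configure, while the source tree carries `logrotate.in`. The diffstat lists three files and none of them is packaging, so please confirm that whatever installs the example (for instance `contrib/sssd.spec`, generated from this same list) reads it from the build directory. Also confirm that `SSSD_USER` is exported with `AC_SUBST`, otherwise the literal `@SSSD_USER@` ends up in the shipped logrotate config.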
diff --git a/src/examples/logrotate b/src/examples/logrotate.in
similarity index 90%
rename from src/examples/logrotate
rename to src/examples/logrotate.in
index 6e769451c..0421946a2 100644
--- a/src/examples/logrotate
+++ b/src/examples/logrotate.in
@@ -6,6 +6,7 @@
rotate 2
compress
delaycompress
+ su @SSSD_USER@ @SSSD_USER@
postrotate
/bin/kill -HUP `cat /var/run/sssd.pid 2>/dev/null` 2> /dev/null || true
/bin/pkill -HUP sssd_kcm 2> /dev/null || true
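Review bot: in the added `su @SSSD_USER@ @SSSD_USER@` line the group argument reuses the user name, which assumes a group of the same name exists and is the group with write access to `/var/log/sssd`. The logrotate error quoted in the commit message is about the directory being writable by a non-root group, so the group is the part that has to match. Consider a separate substitution for the group, or a comment in `logrotate.in` stating that user and group names are expected to be identical.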
--
2.45.2