From 561c51bd799246563018fb76dcfe42d64b5cb348 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Thu, 2 Jan 2025 14:56:39 +0100 Subject: [PATCH] SYSTEMD: fix missing 'g+x' on /etc/sssd and subdirs for rpm-ostree based systems Reviewed-by: Iker Pedrosa Reviewed-by: Sumit Bose --- src/sysv/systemd/sssd-kcm.service.in | 3 +++ src/sysv/systemd/sssd.service.in | 3 +++ 2 files changed, 6 insertions(+) diff --git a/src/sysv/systemd/sssd-kcm.service.in b/src/sysv/systemd/sssd-kcm.service.in index 67da0368eb..b3d2a6e73f 100644 --- a/src/sysv/systemd/sssd-kcm.service.in +++ b/src/sysv/systemd/sssd-kcm.service.in @@ -13,6 +13,9 @@ Environment=DEBUG_LOGGER=--logger=files # '-H' only allows following a command line argument itself, everything else encountered due to '-R' isn't followed. ExecStartPre=+-/bin/chown -f -R -H root:@SSSD_USER@ @sssdconfdir@ ExecStartPre=+-/bin/chmod -f -R g+r @sssdconfdir@ +ExecStartPre=+-/bin/chmod -f g+x @sssdconfdir@ +ExecStartPre=+-/bin/chmod -f g+x @sssdconfdir@/conf.d +ExecStartPre=+-/bin/chmod -f g+x @sssdconfdir@/pki ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @secdbpath@/*.ldb" ExecStartPre=+-/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_kcm.log ExecStart=@libexecdir@/sssd/sssd_kcm ${DEBUG_LOGGER} diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in index ccd2204ec5..09ea69114d 100644 --- a/src/sysv/systemd/sssd.service.in +++ b/src/sysv/systemd/sssd.service.in @@ -14,6 +14,9 @@ EnvironmentFile=-@environment_file@ # '-H' only allows following a command line argument itself, everything else encountered due to '-R' isn't followed. ExecStartPre=+-/bin/chown -f -R -H root:@SSSD_USER@ @sssdconfdir@ ExecStartPre=+-/bin/chmod -f -R g+r @sssdconfdir@ +ExecStartPre=+-/bin/chmod -f g+x @sssdconfdir@ +ExecStartPre=+-/bin/chmod -f g+x @sssdconfdir@/conf.d +ExecStartPre=+-/bin/chmod -f g+x @sssdconfdir@/pki ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @dbpath@/*.ldb" ExecStartPre=+-/bin/chown -f -R -h @SSSD_USER@:@SSSD_USER@ @gpocachepath@ ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @logpath@/*.log"