Fixing sssd.service: #7783
24058ec to e9b1e9f
@@ -9,7 +9,7 @@ Also=sssd-kcm.socket | |||
|
|||
[Service] | |||
Environment=DEBUG_LOGGER=--logger=files | |||
ExecStartPre=+-/bin/chown -f -R -h root:@SSSD_USER@ @sssdconfdir@ | |||
ExecStartPre=+-/bin/chown -f -R -H root:@SSSD_USER@ @sssdconfdir@ |
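Review bot: The replacement `ExecStartPre` line swaps `-h` for `-H` without a comment saying why, and the flag is unusual enough here that it should be documented in the unit file. Add a comment above the line stating the reason `-H` is needed for `@sssdconfdir@` and what it assumes about who controls that path. Dropping `-h` also deserves a check for symlinks found inside the tree, since `-h` is what makes `chown` act on a link itself rather than on its target; confirm that case and note the outcome in the same comment.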
Hi @mgerstner,
do you think this change is reasonable taking into account that:
- it requires root to write to /etc (and so to make /etc/sssd a symlink)
- with -H and -R only the command line argument is dereferenced
?
#7781 has some details/reason.
The recursion logic (`-R`) of GNU `chown` is already safe against race conditions and symbolic links appearing in the directory tree, that is correct.
If you want to support the `@sssdconfdir` being a symlink and if it is reasonable to assume that the location it points to is only root controlled, which is the case for `/etc/sssd`, then passing `-H` should be fine. I would document the reason for passing `-H` here then, though, because its use is a bit special.
Thank you.
for rpm-ostree based systems
e9b1e9f to f4e7595
Rebased and added comments.
Hi,
thank you for the fix and adding the comments, ACK.
bye,
Sumit
LGTM. Thank you for taking care of it.
chown
likely not working as expected. #7781)