URL: https://github.com/SSSD/sssd/pull/601 Title: #601: sbus: integrate sssd with sbus2
pbrezina commented: """ Right. The problem was when reading the keytab as you wrote in the mail. I did not notice it because my test keytab is readable by all. I moved `become_user` after the point where data provider is fully initialized so the initialization is done as root as it was before. ```diff +diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index 095966b25..670ddb477 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -582,6 +582,23 @@ static void dp_initialized(struct tevent_req *req) goto done; } + ret = chown_debug_file(NULL, be_ctx->uid, be_ctx->gid); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Cannot chown the debug files, debugging might not work!\n"); + } + + ret = become_user(be_ctx->uid, be_ctx->gid); + if (ret != EOK) { + DEBUG(SSSDBG_FUNC_DATA, + "Cannot become user [%"SPRIuid"][%"SPRIgid"].\n", + be_ctx->uid, be_ctx->gid); + goto done; + } + + DEBUG(SSSDBG_TRACE_FUNC, "Backend provider (%s) started!\n", + be_ctx->domain->name); + ret = EOK; done: @@ -678,21 +695,6 @@ int main(int argc, const char *argv[]) return 3; } - ret = chown_debug_file(NULL, uid, gid); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - "Cannot chown the debug files, debugging might not work!\n"); - } - - ret = become_user(uid, gid); - if (ret != EOK) { - DEBUG(SSSDBG_FUNC_DATA, - "Cannot become user [%"SPRIuid"][%"SPRIgid"].\n", uid, gid); - return ret; - } - - DEBUG(SSSDBG_TRACE_FUNC, "Backend provider (%s) started!\n", be_domain); - /* loop on main */ server_loop(main_ctx); ``` """ See the full comment at https://github.com/SSSD/sssd/pull/601#issuecomment-412063892
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/sssd-devel@lists.fedorahosted.org/message/DLAN5Y5OJ7BFMIQZIO5SAZ6VK7UEWFA6/