Hi David, Plan for the full support of SSSD running as a non-root user is in scope of interest of the SSSD dev team. I can't provide you a precise time frame for this but some preparation already started. This transition is not trivial as by design SSSD was alway running as a root. Keep in mind that on top of the code changes a lot of testing needs to be done to confirm that the final result will be secure and perform well.
After fast check those are some of already existing upstream issues related to SSSD running without root: https://github.com/SSSD/sssd/issues/3412 https://github.com/SSSD/sssd/issues/5508 https://github.com/SSSD/sssd/issues/5536 https://github.com/SSSD/sssd/issues/5443 Best regards, Pawel On Thu, Apr 1, 2021 at 6:06 PM David Mather <davidmat...@live.ie> wrote: > We are also trying to run as a non-root user with minimal capabilities in > production. Has anymore work been done on this since? > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > -- Paweł Poławski Senior Software Engineer Red Hat <https://www.redhat.com/> ppola...@redhat.com @RedHat <https://twitter.com/redhat> Red Hat <https://www.linkedin.com/company/red-hat> Red Hat <https://www.facebook.com/RedHatInc> <https://red.ht/sig>
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure