On Wed, 14 Jan 2015 16:08:33 +0200 Nikolai Kondrashov <nikolai.kondras...@redhat.com> wrote:
> On 01/13/2015 02:31 PM, Nikolai Kondrashov wrote: > > Hi everyone, > > > > I have a bit of a chicken/egg problem with implementing cwrap tests. > > > > Sssd currently requires the config file to belong to root. However, > > that is not possible to arrange when running under a regular user, > > in cwrap tests. Even though uid_wrapper fakes running under root, > > the created files still belong to the real user. > > > > I see two ways out of this: either run under fakeroot, or allow the > > config file to (also?) belong to the user sssd is configured to run > > under (target user). > > > > While fakeroot will likely work, to me it seems like sweeping the > > problem under the rug. The second option seems a bit more natural, > > especially considering that the CDB file is explicitly chown'ed to > > the target user, anyway. > > > > Now, since the target user can be configured both at the build time > > *and* in the configuration file itself, we'll need to verify file > > ownership *after* reading it. Or, can we maybe move user > > specification to command-line option? > > > > What do you think? > > Simo, do you have any thoughts on this? > > It is blocking my cwrap LDAP integration test implementation. Uhmmm though problem, I think, for this very special case, we may want an env var that allows the code to relax permission/ownership checking on the config file. I do not generally like magic env variables, and we should have an option to compile this support out perhaps, but I see no other sane way short of intercepting stat() and faking permission/ownership only for this case. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
