To test, run:
rpm -qf /var/lib/sss/secrets/
the directory was unowned before and should be owned by sssd-common now.
>From a398c91ef196be680f6c2d5b2d5251e060005ec0 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Tue, 16 Aug 2016 16:45:36 +0200
Subject: [PATCH] SPEC: Own the secrets DB path
---
contrib/sssd.spec.in | 3 +++
1 file changed, 3 insertions(+)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index
b58eebba54a82a041f72507b430ceca708a34632..05bb83b57015da5e730dd9b0d9eae5d760596597
100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -106,6 +106,7 @@ Requires: python-sssdconfig = %{version}-%{release}
%global mcpath %{sssdstatedir}/mc
%global pubconfpath %{sssdstatedir}/pubconf
%global gpocachepath %{sssdstatedir}/gpo_cache
+%global secdbpath %{sssdstatedir}/secrets
### Build Dependencies ###
@@ -619,6 +620,7 @@ autoreconf -ivf
--with-pubconf-path=%{pubconfpath} \
--with-gpo-cache-path=%{gpocachepath} \
--with-init-dir=%{_initrddir} \
+ --with-secrets-db-path=%{secdbpath} \
--with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
--enable-nsslibdir=/%{_lib} \
--enable-pammoddir=/%{_lib}/security \
@@ -785,6 +787,7 @@ done
%dir %{_localstatedir}/cache/krb5rcache
%attr(700,sssd,sssd) %dir %{dbpath}
%attr(755,sssd,sssd) %dir %{mcpath}
+%attr(700,root,root) %dir %{secdbpath}
%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd
%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group
%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/initgroups
--
2.4.11
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
