On (29/11/16 10:27), Jakub Hrozek wrote:
>On Tue, Nov 29, 2016 at 10:01:58AM +0100, Lukas Slebodnik wrote:
>> On (28/11/16 11:27), Jakub Hrozek wrote:
>> >On Mon, Nov 28, 2016 at 10:57:44AM +0100, Pavel Březina wrote:
>> >> On 11/28/2016 10:47 AM, Jakub Hrozek wrote:
>> >> > On Thu, Nov 24, 2016 at 02:33:04PM +0100, Fabiano Fidêncio wrote:
>> >> > > The design page is done [0] and it's based on this discussion [1] we
>> >> > > had on this very same mailing list. A pull-request with the
>> >> > > implementation is already opened [2].
>> >> > >
>> >> > > [0]:
>> >> > > https://fedorahosted.org/sssd/wiki/DesignDocs/SocketActivatableResponders
>> >> > > [1]:
>> >> > > https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org/message/H6JOF5SGGSIJUIWYNANDA73ODHWBS7J2/
>> >> > > [2]: https://github.com/SSSD/sssd/pull/84
>> >> > >
>> >> > > The full text of c&p here:
>> >> >
>> >> > In general looks good to me, but note that I was involved a bit with
>> >> > Fabiano in the discussion, so my view might be tainted.
>> >>
>> >> I finally got to it. The design page looks good and I'll start reviewing
>> >> the patches.
>> >>
>> >> The only thing I wonder about is whether we want to pass parameters
>> >> "--uid 0 --gid 0 --debug-to-files" or we will read them from sssd.conf?
>> >> I prefer reading them.
>> >>
>> >> Also what do we use the private sockets for? It is used only for root?
>> >
>> >Yes, that's where we route PAM requests started by UID 0 to.
>> >
>> For example. The nss responder needn't run as root.
>
>I don't think this is about the identity the responder runs at, but
>about the identity of the client who talks to the responder socket, no?
>
I do not understand. Could you elaborate or provide an example?

Where can you see a problem with a pure systemd solution for unprivileged
responders? We need to provide service files anyway.

LS