>From ded9182b541ff2fd97688697ba2feef0968c2bf8 Mon Sep 17 00:00:00 2001
From: Michal Zidek <mzidek@redhat.com>
Date: Thu, 9 Oct 2014 17:25:34 +0200
Subject: [PATCH 15/19] PAM: Run pam responder as nonroot

---
 src/monitor/monitor.c      | 3 ++-
 src/responder/pam/pamsrv.c | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 297648a60836cec1bd95c0a2972c8d14be32675a..2f622e571478b2a71ef29ed518ca3b80c077b766 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -1062,7 +1062,8 @@ static errno_t get_ping_config(struct mt_ctx *ctx, const char *path,
  */
 static bool svc_supported_as_nonroot(const char *svc_name)
 {
-    if (strcmp(svc_name, "nss") == 0) {
+    if ((strcmp(svc_name, "nss") == 0)
+        || (strcmp(svc_name, "pam") == 0)) {
         return true;
     }
     return false;
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 8e0dc6cdf2cee1e31b435fbed461184e275fedbb..1f36c7dd2ca27e001e6ebddee1db29512e093667 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -368,7 +368,7 @@ int main(int argc, const char *argv[])
         return 2;
     }
 
-    ret = server_setup("sssd[pam]", 0, 0, 0, CONFDB_PAM_CONF_ENTRY, &main_ctx);
+    ret = server_setup("sssd[pam]", 0, uid, gid, CONFDB_PAM_CONF_ENTRY, &main_ctx);
     if (ret != EOK) return 2;
 
     ret = die_if_parent_died();
-- 
1.9.3