>From aee761712bf9b2b9b6aa6b62f442067896ba60c9 Mon Sep 17 00:00:00 2001
From: Michal Zidek <mzidek@redhat.com>
Date: Thu, 9 Oct 2014 17:15:56 +0200
Subject: [PATCH 08/19] MONITOR: Allow confdb to be accessed by nonroot user

---
 src/monitor/monitor.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 5445623c8b983ac83b059f0be0f709c723fd8a94..1567d5d241077f7e0a9f9968d280e6ceaaeb7ac1 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -927,7 +927,7 @@ static int get_service_user(struct mt_ctx *ctx)
                             CONFDB_MONITOR_USER_RUNAS,
                             NULL, &user_str);
     if (ret != EOK) {
-        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get the user to run as");
+        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get the user to run as\n");
         return ret;
     }
 
@@ -1696,7 +1696,6 @@ static errno_t load_configuration(TALLOC_CTX *mem_ctx,
         DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error initializing confdb\n");
         goto done;
     }
-    talloc_zfree(cdb_file);
 
     ret = confdb_init_db(config_file, ctx->cdb);
     if (ret != EOK) {
@@ -1712,6 +1711,17 @@ static errno_t load_configuration(TALLOC_CTX *mem_ctx,
         goto done;
     }
 
+    /* Allow configuration database to be accessible
+     * when SSSD runs as nonroot */
+    ret = chown(cdb_file, ctx->uid, ctx->gid);
+    if (ret != 0) {
+        ret = errno;
+        DEBUG(SSSDBG_FATAL_FAILURE,
+              "chown failed for [%s]: [%d][%s].\n",
+              cdb_file, ret, sss_strerror(ret));
+        goto done;
+    }
+
     *monitor = ctx;
 
     ret = EOK;
-- 
1.9.3