URL:
https://github.com/SSSD/sssd/pull/601
Title: #601: sbus: integrate sssd with sbus2
pbrezina commented:
"""
Right. The problem was when reading the keytab as you wrote in the mail. I did not notice
it because my test keytab is readable by all.
I moved `become_user` after the point where the data provider is fully initialized so the
initialization is done as root as it was before.
```diff
+diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 095966b25..670ddb477 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -582,6 +582,23 @@ static void dp_initialized(struct tevent_req *req)
goto done;
}
+ ret = chown_debug_file(NULL, be_ctx->uid, be_ctx->gid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Cannot chown the debug files, debugging might not work!\n");
+ }
+
+ ret = become_user(be_ctx->uid, be_ctx->gid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Cannot become user
[%"SPRIuid"][%"SPRIgid"].\n",
+ be_ctx->uid, be_ctx->gid);
+ goto done;
+ }
+
+ DEBUG(SSSDBG_TRACE_FUNC, "Backend provider (%s) started!\n",
+ be_ctx->domain->name);
+
ret = EOK;
done:
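Review bot: the become_user failure branch in dp_initialized() logs at SSSDBG_FUNC_DATA, a verbose debug level, before `goto done`, so a failed privilege drop will not show up in logs at default verbosity. Suggest logging it at SSSDBG_FATAL_FAILURE or SSSDBG_CRIT_FAILURE. The code after `done:` is not visible in this hunk, so please confirm that reaching it with ret != EOK terminates the backend rather than leaving it running as root. A short comment above the block saying that the drop is deliberately deferred until the provider is initialized (so the keytab can be read as root) would also help future readers.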
@@ -678,21 +695,6 @@ int main(int argc, const char *argv[])
return 3;
}
- ret = chown_debug_file(NULL, uid, gid);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "Cannot chown the debug files, debugging might not work!\n");
- }
-
- ret = become_user(uid, gid);
- if (ret != EOK) {
- DEBUG(SSSDBG_FUNC_DATA,
- "Cannot become user
[%"SPRIuid"][%"SPRIgid"].\n", uid, gid);
- return ret;
- }
-
- DEBUG(SSSDBG_TRACE_FUNC, "Backend provider (%s) started!\n", be_domain);
-
/* loop on main */
server_loop(main_ctx);
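Review bot: with the chown_debug_file/become_user block removed from main(), `server_loop(main_ctx);` is now entered while the process is still root, and the privilege drop depends on dp_initialized() being reached and on be_ctx->uid and be_ctx->gid holding the values that the local uid and gid held here. The assignment of those two fields is not part of the visible hunks; please make sure they are set before initialization starts, because a zero-initialized be_ctx would make the later become_user() call leave the backend running as root. It is also worth checking that nothing handled by the main loop before dp_initialized() completes relies on the process already being unprivileged.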
```
"""
See the full comment at
https://github.com/SSSD/sssd/pull/601#issuecomment-412063892