Lukas Slebodnik wrote:
There is a way how to run sssd as non-root but /usr/sbin/sssd still
require bunch of linux capabilities to achieve that.
One more question, which I should have mentioned in my previous reply.
Since there are few places in the code that check explicitly for root and exit with error
if getuid() != 0 for example here
https://github.com/SSSD/sssd/blob/master/src/monitor/monitor.c#L2449. Since these checks
do not seem to be optional, adding capabilities alone do not help.
How do the maintainers feel about making sssd run on OpenShift? Would this be something
to pursue / possibly contribute to?
--
Tero