#2370 sssd should run under unprivileged user
Closed: Fixed None Opened 5 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1113783

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:
sssd is currently running as root and should be reimplemented to run under an
unprivileged user.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. systemctl sssd start
2. ps axZ | grep sssd

Actual results:
sssd and all children running as root

Expected results:
sssd and all children running under unprivileged user.

Additional info:

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.12.1
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

priority: major => blocker

Fields changed

owner: somebody => jhrozek
status: new => assigned

Mass-moving all tickets that didn't make 1.12.1 into 1.12.2

milestone: SSSD 1.12.1 => SSSD 1.12.2

We need to do a release as requested by downstream. Moving tickets that are not fixed already or very close to acking to 1.12.3

milestone: SSSD 1.12.2 => SSSD 1.12.3

Fields changed

patch: 0 => 1

ldap_child and krb5_child changes:
- f3a2594
- 77b1337
- 06f10b2
- 9369407
- 5eef3da
- 0348c74
- 45414c1

sssd_be privilege drop patch:

Most of the work is done, so I'm closing this ticket. There are some additional enhancements tracked by individual tickets. See e.g. the design page for more details.

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue marked as depending on: #2395
- Issue set to the milestone: SSSD 1.12.3

3 years ago

Login to comment on this ticket.