#3638 Make Fleet Commander related code work for unprivileged users

Created 5 months ago by fidencio
Modified 5 months ago

As pointed out in https://github.com/SSSD/sssd/pull/498#issuecomment-365839135, the Fleet Commander code will have some issues running in environments where the domain's process is unprivileged.

A possible solution for this would be to have different permissions for the deskprofile folder and the folders under this one.

I really would like to hear @simo's opinion on this one!

I would prefer to close this ticket as a duplicate of #3621. The use-case from the description of this ticket is already mentioned in #3621, and #3621 has not been closed yet.

BTW it is not an RFE but a bug

Edited 5 months ago by lslebodn

BTW it is not an RFE but a bug

The word "RFE" has been removed as per your suggestion.

Edited 5 months ago by fidencio

I think it is ok to track this in a separate ticket.

Since the Fleet Commander support is an independent feature, it is imo sufficient to document that it currently only works if SSSD runs as root. This ticket already documents this, but an entry in a related man page wouldn't hurt either.

@fidencio would you prefer me to open another ticket about the man page entry? Or feel free to do it yourself.
Then we could defer this ticket to make it clear that the functionality doesn't work with an unprivileged user and fix the man page.

Created a new issue and updated the reference in the PR. JFTR: https://pagure.io/SSSD/sssd/issue/3648

Oh, I didn't notice there was a PR already. I'm all set then and I'll move this ticket to Patches Welcome.

5 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD Patches welcome
