On (12/01/16 13:36), Jakub Hrozek wrote:
> On Thu, Jan 07, 2016 at 11:17:54AM +0100, Jakub Hrozek wrote:
> > This looks like a bug, when I install from source, the directory is
> > owned by sssd.sssd.
> >
> > btw when I tested this, I think I found another issue -- we try to bump
> > the mtime of /etc/krb5.conf, but since the file is only writable by
> > root, we fail:
> > (Thu Jan 7 10:11:00 2016) [sssd[be[ipa.test]]] [sss_write_domain_mappings] (0x0200): Mapping file for domain [ipa.test] is [/var/lib/sss/pubconf/krb5.include.d/domain_realm_ipa_test]
> > (Thu Jan 7 10:12:04 2016) [sssd[be[ipa.test]]] [sss_krb5_touch_config] (0x0020): Unable to change mtime of "/etc/krb5.conf" [13]: Permission denied
> >
> > I wonder if we should open krb.conf during startup and then call
> > futimens() instead?
>
> Hmm, this seems to not work, even if I have a FD I opened as root,
> calling futimens() on that fd returns EPERM... time for another setuid
> helper?

or libkrb5 should be changed to check also mtime for all
included directories.
e.g.
includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/
...
LS