From aaa29839fa216837da73a5dc346a697f79139dcb Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 9 Dec 2024 17:54:13 -0800
Subject: [PATCH] ipa_client: the fedora-sss-ignore.conf file should be owned
 by sssd user/group

We change this to root/root and then restart sssd and it changes it
back. So, lets do this right and let it be sssd/sssd.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/ipa/client/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/ipa/client/tasks/main.yml b/roles/ipa/client/tasks/main.yml
index aa85d44651..96b2bf393a 100644
--- a/roles/ipa/client/tasks/main.yml
+++ b/roles/ipa/client/tasks/main.yml
@@ -74,7 +74,7 @@
   run_once: yes
 
 - name: Ensure that nss knows to skip certain users
-  template: src=fedora-nss-ignore.conf.j2 dest=/etc/sssd/conf.d/fedora-nss-ignore.conf mode=600 owner=root group=root
+  template: src=fedora-nss-ignore.conf.j2 dest=/etc/sssd/conf.d/fedora-nss-ignore.conf mode=600 owner=sssd group=sssd
   tags:
   - ipa/client
   - config