RHEL Documentation / RHELDOCS-21336

sssd.conf is not owned by "sssd:sssd" as described in Doc

      What were you trying to do that didn't work?

      sssd.conf is supposed to be owned by "sssd:sssd" as described in RHELDOCS-18882.

      However, the systemd service file changes file ownership to "root:sssd". In line 16:

      # cat -n /usr/lib/systemd/system/sssd.service
           1    [Unit]
           2    Description=System Security Services Daemon
           3    # SSSD must be running before we permit user sessions
           4    Before=systemd-user-sessions.service nss-user-lookup.target
           5    Wants=nss-user-lookup.target
           6    StartLimitIntervalSec=50s
           7    StartLimitBurst=5
           8    ConditionPathExists=|/etc/sssd/sssd.conf
           9    ConditionDirectoryNotEmpty=|/etc/sssd/conf.d/
          10    
          11    [Service]
          12    Environment=DEBUG_LOGGER=--logger=files
          13    EnvironmentFile=-/etc/sysconfig/sssd
          14    # '-H' is used with /etc/sssd to support use case where /etc/sssd is a symlink.
          15    # '-H' only allows following a command line argument itself, everything else encountered due to '-R' isn't followed.
          16    ExecStartPre=+-/bin/chown -f -R -H root:sssd /etc/sssd
          17    ExecStartPre=+-/bin/chmod -f -R g+r /etc/sssd
          18    ExecStartPre=+-/bin/chmod -f g+x /etc/sssd
          19    ExecStartPre=+-/bin/chmod -f g+x /etc/sssd/conf.d
          20    ExecStartPre=+-/bin/chmod -f g+x /etc/sssd/pki
          21    ExecStartPre=+-/bin/sh -c "/bin/chown -f -h sssd:sssd /var/lib/sss/db/*.ldb"
          22    ExecStartPre=+-/bin/chown -f -R -h sssd:sssd /var/lib/sss/gpo_cache
          23    ExecStartPre=+-/bin/sh -c "/bin/chown -f -h sssd:sssd /var/log/sssd/*.log"
          24    ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER}
          25    Type=notify
          26    NotifyAccess=main
          27    Restart=on-abnormal
          28    CapabilityBoundingSet= CAP_SETGID CAP_SETUID CAP_DAC_READ_SEARCH 
          29    SecureBits=noroot noroot-locked
          30    User=sssd
          31    Group=sssd
          32    # If service configured to be run under "root", uncomment "SupplementaryGroups"
          33    #SupplementaryGroups=sssd
          34    
          35    [Install]
          36    WantedBy=multi-user.target

      What is the impact of this issue to you?

      Minor. 

      Please provide the package NVR for which the bug is seen:

      sssd-2.10.2-3.el10_0.2.x86_64

      How reproducible is this bug?:

      Always.

      Steps to reproduce

      1.  
      2.  
      3.  

      Expected results

      Expect consistent behaviour. Either:

      • file is owned by sssd:sssd as described in Product Documentation, or
      • update Product documentation to reflect the actual file ownership.

      Actual results

      File is not owned by "sssd:sssd" as documented.

              dvagnero@redhat.com Dominika Borges
              rhn-support-suwu Sunny Wu
              rhel-idm, rhel-sst-idm-sssd
              Louise McGarry Louise McGarry
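
The ownership that the quoted unit enforces can be derived from its `ExecStartPre` lines and compared with what is on disk. The script below is an added example, not part of the original report or of sssd; the helper names (`sample_unit`, `unit_chowns`, `expected_owner`, `audit_owner`) are hypothetical, and the sample input is constructed from lines of the unit quoted above.

```shell
#!/usr/bin/env bash
# Added example; helper names are hypothetical, not part of sssd or systemd.
# Constructed sample: ExecStartPre lines taken from the unit quoted above.
sample_unit() {
  cat <<'EOF'
ExecStartPre=+-/bin/chown -f -R -H root:sssd /etc/sssd
ExecStartPre=+-/bin/chmod -f -R g+r /etc/sssd
ExecStartPre=+-/bin/sh -c "/bin/chown -f -h sssd:sssd /var/lib/sss/db/*.ldb"
ExecStartPre=+-/bin/chown -f -R -h sssd:sssd /var/lib/sss/gpo_cache
EOF
}

# Read unit text on stdin; print "owner:group recursive(yes|no) path" per chown.
unit_chowns() {
  awk '/^ExecStartPre=/ && /chown/ {
    line = $0
    sub(/^ExecStartPre=[-+@!:]*/, "", line)  # strip systemd exec prefixes
    gsub(/"/, "", line)                      # drop the sh -c quoting
    n = split(line, w, /[ \t]+/); seen = 0; rec = "no"; owner = ""
    for (i = 1; i <= n; i++) {
      if (!seen) { if (w[i] == "chown" || w[i] ~ /\/chown$/) seen = 1; continue }
      if (w[i] ~ /^-/) { if (w[i] ~ /R/) rec = "yes"; continue }
      if (owner == "") { owner = w[i]; continue }
      print owner, rec, w[i]
    }
  }'
}

# Read unit_chowns output on stdin; print the owner:group the unit leaves on
# FILE ($1), or an empty line if no chown covers it. Later lines win.
expected_owner() {
  local file=$1 owner rec path result=""
  while read -r owner rec path; do
    case $file in
      $path) result=$owner ;;                      # exact or glob target
      "${path%/}"/*) if [ "$rec" = yes ]; then result=$owner; fi ;;
    esac
  done
  printf '%s\n' "$result"
}

# Compare FILE ($1) on disk with what unit file ($2) enforces (GNU stat).
audit_owner() {
  local file=$1 unit=$2 want have
  want=$(unit_chowns < "$unit" | expected_owner "$file")
  have=$(stat -c '%U:%G' -- "$file") || return 2
  if [ "$have" = "$want" ]; then echo "OK $file $have"
  else echo "MISMATCH $file on-disk=$have unit=$want"; return 1; fi
}
```

On a host, `audit_owner /etc/sssd/sssd.conf /usr/lib/systemd/system/sssd.service` compares the on-disk owner with the unit. The `ExecStartPre` commands run only when the service starts, so a file edited or restored since the last start can differ until the next one.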