Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1263251
Description of problem: Could not open file [/var/log/sssd/selinux_child.log].
Error: [13][Permission denied]
Version-Release number of selected component (if applicable): 7.2
How reproducible: Always
Steps to Reproduce:
1. Ensure IPA server is installed on RHEL7.2
2. Ensure trust is established with Win2K8 R2.
3. systemctl stop sssd.service
4. In the [sssd] section in /etc/sssd/sssd.conf file add the below
[sssd]
user = sssd
5. systemctl start sssd.service
6. Now try logging in as the AD user from the AD Windows box.
Actual results:
1. Since the sssd service is now running as user 'sssd', the ownership of all the
below log files has been changed to sssd.sssd, which is correct behaviour
[root@ipa01 sssd]# ls -l | grep sssd_nss
-rw-------. 1 sssd sssd 9814824 Sep 15 17:21 sssd_nss.log
[root@ipa01 sssd]# ls -l | grep sssd_pam
-rw-------. 1 sssd sssd 4137528 Sep 15 17:21 sssd_pam.log
[root@ipa01 sssd]# ls -l | grep sssd_ssh
-rw-------. 1 sssd sssd 4204027 Sep 15 17:21 sssd_ssh.log
[root@ipa01 sssd]# ls -l | grep sssd_pac
-rw-------. 1 sssd sssd 4090200 Sep 15 17:21 sssd_pac.log
[root@ipa01 sssd]# ls -l | grep sssd_sudo
-rw-------. 1 sssd sssd 4615010 Sep 15 17:21 sssd_sudo.log
2. The ownership of keytab file in /var/lib/sss/keytabs directory also changes
to sssd.sssd which is correct behaviour
drwx------. 2 sssd sssd 50 Sep 15 17:45 keytabs
[root@ipa01 keytabs]# ls -l
total 8
-rw-------. 1 sssd sssd 177 Sep 15 17:45 test.in.keytab
3. The ownership of the below files remains root.root and doesn't change to
sssd:sssd
-rw-------. 1 root root 57108 Sep 15 17:20 krb5_child.log
-rw-------. 1 root root 36022 Sep 15 17:16 ldap_child.log
-rw-------. 1 root root 0 Aug 24 14:59 selinux_child.log
4. The AD user gets logged in successfully, but there is a message displayed on
the IPA-server console.
[smenon@ipa01 log]$ Message from syslogd@ipa01 at Sep 15 17:47:41 ...
sssd[be[labs01.test]]:Could not open file [/var/log/sssd/selinux_child.log].
Error: [13][Permission denied]
Expected results: The ownership of the log files should be changed to sssd:sssd
when sssd service is running as 'sssd' and root:root vice versa.
Additional info:
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2797
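An ownership check for the mismatch reported above, as an added example that is not part of the original ticket or of SSSD: it reads `user` from the `[sssd]` section of a config file and lists the `*.log` files in a directory that are owned by anyone else. The function names are hypothetical, the fallback to `root` when `user` is unset is an assumption taken from the report's expected result, and `stat -c` is the GNU coreutils form.

```shell
#!/bin/sh
# Added example: report log files whose owner differs from the service user
# configured in the [sssd] section of an sssd.conf-style file.

# Print the value of "user" in the [sssd] section; "root" if the option is absent (assumption).
sssd_configured_user() {
    awk '
        /^[ \t]*\[/ { in_sssd = ($0 ~ /^[ \t]*\[sssd\][ \t]*$/); next }
        in_sssd && /^[ \t]*user[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); user = $0
        }
        END { print (user == "" ? "root" : user) }
    ' "$1"
}

# Print "owner path" for every regular *.log file in logdir not owned by that user.
sssd_misowned_logs() {
    conf=$1 logdir=$2
    want=$(sssd_configured_user "$conf")
    for f in "$logdir"/*.log; do
        [ -f "$f" ] || continue
        owner=$(stat -c %U "$f")
        [ "$owner" = "$want" ] || printf '%s %s\n' "$owner" "$f"
    done
}

# Constructed sample (not from a real host): a config with user = sssd and
# three empty log files owned by whoever runs this script.
demo=$(mktemp -d)
printf '[sssd]\nuser = sssd\n' > "$demo/sssd.conf"
mkdir "$demo/log"
touch "$demo/log/krb5_child.log" "$demo/log/ldap_child.log" "$demo/log/selinux_child.log"
echo "configured user: $(sssd_configured_user "$demo/sssd.conf")"
sssd_misowned_logs "$demo/sssd.conf" "$demo/log"
rm -rf "$demo"
```

On a host, the same function can be pointed at the paths from the report: `sssd_misowned_logs /etc/sssd/sssd.conf /var/log/sssd`, run with enough privilege to list that directory.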
Comments
Comment from jhrozek at 2015-09-23 22:09:01
Fields changed
blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
owner: somebody => pcech
review: True => 0
selected: =>
testsupdated: => 0
Comment from jhrozek at 2015-09-23 22:10:34
Because running as non-root is not the default in most distributions, I think this should be OK in 1.13.3, no need to put the ticket into .1 or .2
Comment from pcech at 2015-09-24 09:21:12
Fields changed
status: new => assigned
Comment from jhrozek at 2015-09-24 15:50:15
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.13.3
Comment from jhrozek at 2015-11-05 11:02:10
We can no longer reproduce the problem, closing.
resolution: => worksforme
status: assigned => closed
Comment from jhrozek at 2017-02-24 14:50:10
Metadata Update from @jhrozek: