#1212 Gracefully handle -ENOSPC
Closed: cloned-to-github 5 months ago by pbrezina. Opened 8 years ago by sejeff.

While sssd does an excellent job of staying out of root's way in edge cases like this, it doesn't do the best job of handling user authentications when the disk is full.

Ideally, it would allow a login to occur in some quasi "straight through" mode somewhat akin to pam_ldap. If that isn't possible at least perform the equivalent of an offline login, but if the ldap servers are online, it makes the most sense to authenticate against them.

I understand this is a very small edge case, but it is an important one that could be handled. It would be great if SSSD could support this :)

We're dropping this in the deferred bucket. In general, it's not a high priority for us, as in most cases a system that is out of disk space will be having many other issues as well.

Our recommended workaround is to arrange for /var/lib/sss to be on a separate partition from logs or other data that may rapidly fill the disk.

milestone: NEEDS_TRIAGE => SSSD Deferred

Fields changed

rhbz: => 0

May be SSSD should just allocate more space for its cache? When the cache is first created is there a way to create X amount of dummy entries and then forget them (assuming that X is by 10% higher than a usual number of users that log into the system). Can we do something along those lines?

proposed_priority: => Undefined

This would still be quite costly (if not impossible) to do for very little gain. A system that runs out of space still very likely needs maintenance by root to get fixed again.

The problem is you need to be able to log in to perform maintenance. I've ran into this on many small VMs where I didn't even setup any local users (no root password either), the only option then is to re-boot into single-user. Not fun.

Also, without this, sudo doesn't work in no space conditions either as it uses SSSD too.

IMHO SSSD is a critical enough component that this should have higher priority.

cc: => Michael.Gliwinski@henderson-group.com
changelog: =>
design: =>
design_review: => 0
fedora_test_page: =>
review: => 0
selected: =>

Metadata Update from @sejeff:
- Issue set to the milestone: SSSD Patches welcome

3 years ago

Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfill this request I am closing the issue as wontfix.

If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.

Thank you for understanding.

Metadata Update from @pbrezina:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

7 months ago

Metadata Update from @atikhonov:
- Custom field design_review adjusted to on (was: 0)
- Custom field mark adjusted to on
- Custom field patch adjusted to on (was: 0)
- Custom field review adjusted to on (was: 0)
- Custom field sensitive adjusted to on
- Custom field testsupdated adjusted to on (was: 0)
- Issue status updated to: Open (was: Closed)

7 months ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2254

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @pbrezina:
- Issue close_status updated to: cloned-to-github
- Issue status updated to: Closed (was: Open)

5 months ago

Login to comment on this ticket.