Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1263251
Description of problem:
Could not open file [/var/log/sssd/selinux_child.log]. Error: [13][Permission denied]

Version-Release number of selected component (if applicable):
7.2

How reproducible:
Always

Steps to Reproduce:
1. Ensure IPA server is installed on RHEL7.2
2. Ensure trust is established with Win2K8 R2.
3. systemctl stop sssd.service
4. In the [sssd] section in /etc/sssd/sssd.conf file add the below

    [sssd]
    user = sssd

5. systemctl start sssd.service
6. Now try logging as the ADuser from the AD Windows Box.

Actual results:
1. Since sssd service is now running as user 'sssd' the ownership of all the below log files have been changed to sssd.sssd which is correct behaviour

    [root@ipa01 sssd]# ls -l | grep sssd_nss
    -rw-------. 1 sssd sssd 9814824 Sep 15 17:21 sssd_nss.log
    [root@ipa01 sssd]# ls -l | grep sssd_pam
    -rw-------. 1 sssd sssd 4137528 Sep 15 17:21 sssd_pam.log
    [root@ipa01 sssd]# ls -l | grep sssd_ssh
    -rw-------. 1 sssd sssd 4204027 Sep 15 17:21 sssd_ssh.log
    [root@ipa01 sssd]# ls -l | grep sssd_pac
    -rw-------. 1 sssd sssd 4090200 Sep 15 17:21 sssd_pac.log
    [root@ipa01 sssd]# ls -l | grep sssd_sudo
    -rw-------. 1 sssd sssd 4615010 Sep 15 17:21 sssd_sudo.log

2. The ownership of keytab file in /var/lib/sss/keytabs directory also changes to sssd.sssd which is correct behaviour

    drwx------. 2 sssd sssd 50 Sep 15 17:45 keytabs
    [root@ipa01 keytabs]# ls -l
    total 8
    -rw-------. 1 sssd sssd 177 Sep 15 17:45 test.in.keytab

3. The ownership of the below files remains root.root and doesn't change to sssd:sssd

    -rw-------. 1 root root 57108 Sep 15 17:20 krb5_child.log
    -rw-------. 1 root root 36022 Sep 15 17:16 ldap_child.log
    -rw-------. 1 root root 0 Aug 24 14:59 selinux_child.log

4. The AD user gets logged in successfully, but there is a message displayed on the IPA-server console.

    [smenon@ipa01 log]$
    Message from syslogd@ipa01 at Sep 15 17:47:41 ...
    sssd[be[labs01.test]]:Could not open file [/var/log/sssd/selinux_child.log]. Error: [13][Permission denied]

Expected results:
The ownership of the log files should be changed to sssd:sssd when sssd service is running as 'sssd' and root:root vice versa.

Additional info:
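A check for the ownership mismatch described in this report, as an added example that is not part of the original ticket or of SSSD: it reads `user` from the `[sssd]` section of the config and lists `*.log` files owned by anyone else. The function names are hypothetical, GNU `stat` is assumed, and root is assumed as the service user when the option is absent.

```shell
#!/bin/sh
# Added example (not SSSD code): report SSSD log files whose owner differs
# from the service user configured in sssd.conf.

# Print the value of "user" from the [sssd] section of an sssd.conf-style file.
# Assumption: when the option is absent the service runs as root.
sssd_configured_user() {
    awk '
        /^[[:space:]]*\[/ {
            in_sssd = ($0 ~ /^[[:space:]]*\[sssd\][[:space:]]*$/); next
        }
        in_sssd && /^[[:space:]]*user[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]+$/, ""); user = $0
        }
        END { print (user != "" ? user : "root") }
    ' "$1"
}

# Print "<owner> <path>" for every *.log file in directory $2 that is not owned
# by the user configured in file $1.
# Returns 0 if all owners match, 1 on any mismatch, 2 if the config is unreadable.
sssd_log_owner_mismatches() {
    conf=$1
    logdir=$2
    want=$(sssd_configured_user "$conf") || return 2
    rc=0
    for f in "$logdir"/*.log; do
        [ -e "$f" ] || continue          # glob matched nothing
        owner=$(stat -c '%U' "$f")       # GNU stat: owner name of the file
        if [ "$owner" != "$want" ]; then
            printf '%s %s\n' "$owner" "$f"
            rc=1
        fi
    done
    return $rc
}

# Run directly with two arguments, for example (as root):
#   sh check.sh /etc/sssd/sssd.conf /var/log/sssd
if [ "$#" -eq 2 ]; then
    sssd_log_owner_mismatches "$1" "$2"
fi
```

On a host in the state shown in the report, the three child logs (krb5_child.log, ldap_child.log, selinux_child.log) would be the lines printed.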
Fields changed
blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
owner: somebody => pcech
review: True => 0
selected: =>
testsupdated: => 0
Because running as non-root is not the default in most distributions, I think this should be OK in 1.13.3, no need to put the ticket into .1 or .2
status: new => assigned
milestone: NEEDS_TRIAGE => SSSD 1.13.3
We can no longer reproduce the problem, closing.
resolution: => worksforme
status: assigned => closed
Metadata Update from @jhrozek:
- Issue assigned to pcech
- Issue set to the milestone: SSSD 1.13.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3838
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.