Learn more about these different git repos.
Other Git URLs
Pam system error (4) is returned in non-root mode for pam:account.
Feb 25 04:32:23 gs-per720-01 su: pam_sss(su:auth): authentication success; logname= uid=99 euid=0 tty=pts/7 ruser=nobody rhost= user=allow_u-15330@sssdad2012.com Feb 25 04:32:24 gs-per720-01 su: pam_sss(su:account): Access denied for user allow_u-15330@sssdad2012.com: 4 (System error)
Directories in gpo_cache are created with wrong permissions.
(Thu Feb 25 04:36:16 2016) [[sssd[gpo_child[24925]]]] [prepare_gpo_cache] (0x0400): Storing GPOs in /var/lib/sss/gpo_cache/sssdad2012.com (Thu Feb 25 04:36:16 2016) [[sssd[gpo_child[24925]]]] [prepare_gpo_cache] (0x0400): Storing GPOs in /var/lib/sss/gpo_cache/sssdad2012.com/Policies (Thu Feb 25 04:36:16 2016) [[sssd[gpo_child[24925]]]] [prepare_gpo_cache] (0x0020): mkdir(/var/lib/sss/gpo_cache/sssdad2012.com/Policies) failed: 13 (Thu Feb 25 04:36:16 2016) [[sssd[gpo_child[24925]]]] [gpo_cache_store_file] (0x0020): prepare_gpo_cache failed [13][Permission denied] (Thu Feb 25 04:36:16 2016) [[sssd[gpo_child[24925]]]] [gpo_cache_store_file] (0x0020): Error encountered: 13. (Thu Feb 25 04:36:16 2016) [[sssd[gpo_child[24925]]]] [copy_smb_file_to_gpo_cache] (0x0020): gpo_cache_store_file failed [13][Permission denied] (Thu Feb 25 04:36:16 2016) [[sssd[gpo_child[24925]]]] [perform_smb_operations] (0x0020): copy_smb_file_to_gpo_cache failed [13][Permission denied] (Thu Feb 25 04:36:16 2016) [[sssd[gpo_child[24925]]]] [main] (0x0020): perform_smb_operations failed.[13][Permission denied]. (Thu Feb 25 04:36:16 2016) [[sssd[gpo_child[24925]]]] [main] (0x0020): gpo_child failed!
Fields changed
owner: somebody => lslebodn status: new => assigned
Patch is simple and I have WIP patch.
The question is how we want to solve upgrade?
Check for the directory/file ownership at startup in the main process and fi permissions before dropping privileges. Alternatively provide a script to fix permissions and preexec it in the systemd unit file.
rhbz: => todo
milestone: NEEDS_TRIAGE => SSSD 1.13.4
patch: 0 => 1
master:
sssd-1-13:
resolution: => fixed status: assigned => closed
rhbz: todo => 0
Metadata Update from @lslebodn: - Issue assigned to lslebodn - Issue set to the milestone: SSSD 1.13.4
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4003
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.