[Pkg-sssd-devel] Bug#949001: sssd.service will not launch with installed config file permissions/ownership

Malmberg, Breen E bemalmbe at lanl.gov
Wed Jan 15 19:16:41 GMT 2020 

Package: sssd
Version: 1.15.0-3

user at host-debian9:~$ sudo apt install sssd
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  adcli ldap-utils libbasicobjects0 libc-ares2 libcollection4 libdhash1 libini-config5 libipa-hbac0
  libldap-2.4-2 libldap-common libnfsidmap2 libnl-route-3-200 libnss-sss libpam-pwquality libpam-sss
  libpath-utils1 libref-array1 libsasl2-modules libsasl2-modules-gssapi-mit libsss-idmap0 libsss-nss-idmap0
  libsss-sudo python-sss sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap
  sssd-proxy
Suggested packages:
  libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql apparmor sssd-tools
The following NEW packages will be installed:
  adcli ldap-utils libbasicobjects0 libc-ares2 libcollection4 libdhash1 libini-config5 libipa-hbac0
  libnfsidmap2 libnl-route-3-200 libnss-sss libpam-pwquality libpam-sss libpath-utils1 libref-array1
  libsasl2-modules-gssapi-mit libsss-idmap0 libsss-nss-idmap0 libsss-sudo python-sss sssd sssd-ad
  sssd-ad-common sssd-common sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy
The following packages will be upgraded:
  libldap-2.4-2 libldap-common libsasl2-modules
3 upgraded, 29 newly installed, 0 to remove and 181 not upgraded.
Need to get 2,875 kB of archives.
After this operation, 8,519 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.us.debian.org/debian stretch/main amd64 libldap-common all 2.4.44+dfsg-5+deb9u3 [85.7 kB]
Get:2 http://ftp.us.debian.org/debian stretch/main amd64 libldap-2.4-2 amd64 2.4.44+dfsg-5+deb9u3 [220 kB]
Get:3 http://ftp.us.debian.org/debian stretch/main amd64 libnfsidmap2 amd64 0.25-5.1 [32.0 kB]
Get:4 http://ftp.us.debian.org/debian stretch/main amd64 adcli amd64 0.8.2-1+b1 [86.5 kB]
Get:6 http://ftp.us.debian.org/debian stretch/main amd64 ldap-utils amd64 2.4.44+dfsg-5+deb9u3 [192 kB]
Get:8 http://ftp.us.debian.org/debian stretch/main amd64 libnl-route-3-200 amd64 3.2.27-2 [136 kB]
Get:9 http://ftp.us.debian.org/debian stretch/main amd64 libpam-pwquality amd64 1.3.0-1+b1 [13.0 kB]
Get:10 http://ftp.us.debian.org/debian stretch/main amd64 libbasicobjects0 amd64 0.6.0-1 [5,886 B]
Get:11 http://ftp.us.debian.org/debian stretch/main amd64 libc-ares2 amd64 1.12.0-1+deb9u1 [81.6 kB]
Get:12 http://ftp.us.debian.org/debian stretch/main amd64 libcollection4 amd64 0.6.0-1 [22.1 kB]
Get:13 http://ftp.us.debian.org/debian stretch/main amd64 libdhash1 amd64 0.6.0-1 [8,686 B]
Get:14 http://ftp.us.debian.org/debian stretch/main amd64 libpath-utils1 amd64 0.6.0-1 [8,720 B]
Get:15 http://ftp.us.debian.org/debian stretch/main amd64 libref-array1 amd64 0.6.0-1 [7,220 B]
Get:16 http://ftp.us.debian.org/debian stretch/main amd64 libini-config5 amd64 0.6.0-1 [42.8 kB]
Get:17 http://ftp.us.debian.org/debian stretch/main amd64 libipa-hbac0 amd64 1.15.0-3 [20.0 kB]
Get:18 http://ftp.us.debian.org/debian stretch/main amd64 libnss-sss amd64 1.15.0-3 [28.6 kB]
Get:19 http://ftp.us.debian.org/debian stretch/main amd64 libpam-sss amd64 1.15.0-3 [32.9 kB]
Get:20 http://ftp.us.debian.org/debian stretch/main amd64 libsss-idmap0 amd64 1.15.0-3 [24.3 kB]
Get:21 http://ftp.us.debian.org/debian stretch/main amd64 libsss-nss-idmap0 amd64 1.15.0-3 [21.5 kB]
Get:22 http://ftp.us.debian.org/debian stretch/main amd64 libsss-sudo amd64 1.15.0-3 [22.5 kB]
Get:23 http://ftp.us.debian.org/debian stretch/main amd64 python-sss amd64 1.15.0-3 [65.8 kB]
Get:5 http://security-cdn.debian.org/debian-security stretch/updates/main amd64 libsasl2-modules amd64 2.1.27~101-g0780600+dfsg-3+deb9u1 [102 kB]
Get:7 http://security-cdn.debian.org/debian-security stretch/updates/main amd64 libsasl2-modules-gssapi-mit amd64 2.1.27~101-g0780600+dfsg-3+deb9u1 [90.6 kB]
Get:24 http://ftp.us.debian.org/debian stretch/main amd64 sssd-common amd64 1.15.0-3 [958 kB]
Get:25 http://ftp.us.debian.org/debian stretch/main amd64 sssd-ad-common amd64 1.15.0-3 [62.7 kB]
Get:26 http://ftp.us.debian.org/debian stretch/main amd64 sssd-krb5-common amd64 1.15.0-3 [77.2 kB]
Get:27 http://ftp.us.debian.org/debian stretch/main amd64 sssd-ad amd64 1.15.0-3 [115 kB]
Get:28 http://ftp.us.debian.org/debian stretch/main amd64 sssd-ipa amd64 1.15.0-3 [188 kB]
Get:29 http://ftp.us.debian.org/debian stretch/main amd64 sssd-krb5 amd64 1.15.0-3 [23.9 kB]
Get:30 http://ftp.us.debian.org/debian stretch/main amd64 sssd-ldap amd64 1.15.0-3 [38.7 kB]
Get:31 http://ftp.us.debian.org/debian stretch/main amd64 sssd-proxy amd64 1.15.0-3 [45.3 kB]
Get:32 http://ftp.us.debian.org/debian stretch/main amd64 sssd amd64 1.15.0-3 [15.2 kB]
Fetched 2,875 kB in 1s (1,757 kB/s)
Reading changelogs... Done
Extracting templates from packages: 100%
(Reading database ... 131575 files and directories currently installed.)
Preparing to unpack .../00-libldap-common_2.4.44+dfsg-5+deb9u3_all.deb ...
Unpacking libldap-common (2.4.44+dfsg-5+deb9u3) over (2.4.44+dfsg-5+deb9u2) ...
Preparing to unpack .../01-libldap-2.4-2_2.4.44+dfsg-5+deb9u3_amd64.deb ...
Unpacking libldap-2.4-2:amd64 (2.4.44+dfsg-5+deb9u3) over (2.4.44+dfsg-5+deb9u2) ...
Selecting previously unselected package libnfsidmap2:amd64.
Preparing to unpack .../02-libnfsidmap2_0.25-5.1_amd64.deb ...
Unpacking libnfsidmap2:amd64 (0.25-5.1) ...
Preparing to unpack .../03-libsasl2-modules_2.1.27~101-g0780600+dfsg-3+deb9u1_amd64.deb ...
Unpacking libsasl2-modules:amd64 (2.1.27~101-g0780600+dfsg-3+deb9u1) over (2.1.27~101-g0780600+dfsg-3) ...
Selecting previously unselected package libsasl2-modules-gssapi-mit:amd64.
Preparing to unpack .../04-libsasl2-modules-gssapi-mit_2.1.27~101-g0780600+dfsg-3+deb9u1_amd64.deb ...
Unpacking libsasl2-modules-gssapi-mit:amd64 (2.1.27~101-g0780600+dfsg-3+deb9u1) ...
Selecting previously unselected package adcli.
Preparing to unpack .../05-adcli_0.8.2-1+b1_amd64.deb ...
Unpacking adcli (0.8.2-1+b1) ...
Selecting previously unselected package ldap-utils.
Preparing to unpack .../06-ldap-utils_2.4.44+dfsg-5+deb9u3_amd64.deb ...
Unpacking ldap-utils (2.4.44+dfsg-5+deb9u3) ...
Selecting previously unselected package libnl-route-3-200:amd64.
Preparing to unpack .../07-libnl-route-3-200_3.2.27-2_amd64.deb ...
Unpacking libnl-route-3-200:amd64 (3.2.27-2) ...
Selecting previously unselected package libpam-pwquality:amd64.
Preparing to unpack .../08-libpam-pwquality_1.3.0-1+b1_amd64.deb ...
Unpacking libpam-pwquality:amd64 (1.3.0-1+b1) ...
Selecting previously unselected package libbasicobjects0:amd64.
Preparing to unpack .../09-libbasicobjects0_0.6.0-1_amd64.deb ...
Unpacking libbasicobjects0:amd64 (0.6.0-1) ...
Selecting previously unselected package libc-ares2:amd64.
Preparing to unpack .../10-libc-ares2_1.12.0-1+deb9u1_amd64.deb ...
Unpacking libc-ares2:amd64 (1.12.0-1+deb9u1) ...
Selecting previously unselected package libcollection4:amd64.
Preparing to unpack .../11-libcollection4_0.6.0-1_amd64.deb ...
Unpacking libcollection4:amd64 (0.6.0-1) ...
Selecting previously unselected package libdhash1:amd64.
Preparing to unpack .../12-libdhash1_0.6.0-1_amd64.deb ...
Unpacking libdhash1:amd64 (0.6.0-1) ...
Selecting previously unselected package libpath-utils1:amd64.
Preparing to unpack .../13-libpath-utils1_0.6.0-1_amd64.deb ...
Unpacking libpath-utils1:amd64 (0.6.0-1) ...
Selecting previously unselected package libref-array1:amd64.
Preparing to unpack .../14-libref-array1_0.6.0-1_amd64.deb ...
Unpacking libref-array1:amd64 (0.6.0-1) ...
Selecting previously unselected package libini-config5:amd64.
Preparing to unpack .../15-libini-config5_0.6.0-1_amd64.deb ...
Unpacking libini-config5:amd64 (0.6.0-1) ...
Selecting previously unselected package libipa-hbac0.
Preparing to unpack .../16-libipa-hbac0_1.15.0-3_amd64.deb ...
Unpacking libipa-hbac0 (1.15.0-3) ...
Selecting previously unselected package libnss-sss:amd64.
Preparing to unpack .../17-libnss-sss_1.15.0-3_amd64.deb ...
Unpacking libnss-sss:amd64 (1.15.0-3) ...
Selecting previously unselected package libpam-sss:amd64.
Preparing to unpack .../18-libpam-sss_1.15.0-3_amd64.deb ...
Unpacking libpam-sss:amd64 (1.15.0-3) ...
Selecting previously unselected package libsss-idmap0.
Preparing to unpack .../19-libsss-idmap0_1.15.0-3_amd64.deb ...
Unpacking libsss-idmap0 (1.15.0-3) ...
Selecting previously unselected package libsss-nss-idmap0.
Preparing to unpack .../20-libsss-nss-idmap0_1.15.0-3_amd64.deb ...
Unpacking libsss-nss-idmap0 (1.15.0-3) ...
Selecting previously unselected package libsss-sudo.
Preparing to unpack .../21-libsss-sudo_1.15.0-3_amd64.deb ...
Unpacking libsss-sudo (1.15.0-3) ...
Selecting previously unselected package python-sss.
Preparing to unpack .../22-python-sss_1.15.0-3_amd64.deb ...
Unpacking python-sss (1.15.0-3) ...
Selecting previously unselected package sssd-common.
Preparing to unpack .../23-sssd-common_1.15.0-3_amd64.deb ...
Unpacking sssd-common (1.15.0-3) ...
Selecting previously unselected package sssd-ad-common.
Preparing to unpack .../24-sssd-ad-common_1.15.0-3_amd64.deb ...
Unpacking sssd-ad-common (1.15.0-3) ...
Selecting previously unselected package sssd-krb5-common.
Preparing to unpack .../25-sssd-krb5-common_1.15.0-3_amd64.deb ...
Unpacking sssd-krb5-common (1.15.0-3) ...
Selecting previously unselected package sssd-ad.
Preparing to unpack .../26-sssd-ad_1.15.0-3_amd64.deb ...
Unpacking sssd-ad (1.15.0-3) ...
Selecting previously unselected package sssd-ipa.
Preparing to unpack .../27-sssd-ipa_1.15.0-3_amd64.deb ...
Unpacking sssd-ipa (1.15.0-3) ...
Selecting previously unselected package sssd-krb5.
Preparing to unpack .../28-sssd-krb5_1.15.0-3_amd64.deb ...
Unpacking sssd-krb5 (1.15.0-3) ...
Selecting previously unselected package sssd-ldap.
Preparing to unpack .../29-sssd-ldap_1.15.0-3_amd64.deb ...
Unpacking sssd-ldap (1.15.0-3) ...
Selecting previously unselected package sssd-proxy.
Preparing to unpack .../30-sssd-proxy_1.15.0-3_amd64.deb ...
Unpacking sssd-proxy (1.15.0-3) ...
Selecting previously unselected package sssd.
Preparing to unpack .../31-sssd_1.15.0-3_amd64.deb ...
Unpacking sssd (1.15.0-3) ...
Setting up libsss-idmap0 (1.15.0-3) ...
Setting up libpath-utils1:amd64 (0.6.0-1) ...
Setting up libsss-nss-idmap0 (1.15.0-3) ...
Setting up libpam-pwquality:amd64 (1.3.0-1+b1) ...
Setting up libldap-common (2.4.44+dfsg-5+deb9u3) ...
Setting up libipa-hbac0 (1.15.0-3) ...
Setting up libnl-route-3-200:amd64 (3.2.27-2) ...
Setting up libpam-sss:amd64 (1.15.0-3) ...
Setting up python-sss (1.15.0-3) ...
Setting up libdhash1:amd64 (0.6.0-1) ...
Setting up libcollection4:amd64 (0.6.0-1) ...
Setting up libnss-sss:amd64 (1.15.0-3) ...
First installation detected...
Checking NSS setup...
Processing triggers for libc-bin (2.24-11+deb9u4) ...
Setting up libldap-2.4-2:amd64 (2.4.44+dfsg-5+deb9u3) ...
Processing triggers for systemd (232-25+deb9u9) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up libbasicobjects0:amd64 (0.6.0-1) ...
Setting up libref-array1:amd64 (0.6.0-1) ...
Setting up libsasl2-modules:amd64 (2.1.27~101-g0780600+dfsg-3+deb9u1) ...
Setting up libc-ares2:amd64 (1.12.0-1+deb9u1) ...
Setting up libsss-sudo (1.15.0-3) ...
Checking NSS setup...
Setting up libini-config5:amd64 (0.6.0-1) ...
Setting up libnfsidmap2:amd64 (0.25-5.1) ...
Setting up ldap-utils (2.4.44+dfsg-5+deb9u3) ...
Setting up libsasl2-modules-gssapi-mit:amd64 (2.1.27~101-g0780600+dfsg-3+deb9u1) ...
Setting up adcli (0.8.2-1+b1) ...
Setting up sssd-common (1.15.0-3) ...
Creating SSSD system user & group...
adduser: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating.
Created symlink /etc/systemd/system/sockets.target.wants/sssd-secrets.socket → /lib/systemd/system/sssd-secrets.socket.
Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /lib/systemd/system/sssd.service.
Job for sssd.service failed because the control process exited with error code.
See "systemctl status sssd.service" and "journalctl -xe" for details.
invoke-rc.d: initscript sssd, action "start" failed.
● sssd.service - System Security Services Daemon
   Loaded: loaded (/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2019-03-29 11:07:38 MDT; 28ms ago
  Process: 3253 ExecStart=/usr/sbin/sssd -i -f (code=exited, status=4)
 Main PID: 3253 (code=exited, status=4)

Mar 29 11:07:38 host-debian9 systemd[1]: Starting System Security Services Daemon...
Mar 29 11:07:38 host-debian9 sssd[3253]: Configuration file: /etc/sssd/sssd.conf does not exist.
Mar 29 11:07:38 host-debian9 systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOP…ISSION
Mar 29 11:07:38 host-debian9 systemd[1]: Failed to start System Security Services Daemon.
Mar 29 11:07:38 host-debian9 systemd[1]: sssd.service: Unit entered failed state.
Mar 29 11:07:38 host-debian9 systemd[1]: sssd.service: Failed with result 'exit-code'.
Hint: Some lines were ellipsized, use -l to show in full.
... because /etc/sssd/sssd.conf is not available yet
sssd-secrets.service is a disabled or a static unit, not starting it.
Setting up sssd-krb5-common (1.15.0-3) ...
Setting up sssd-ad-common (1.15.0-3) ...
Setting up sssd-krb5 (1.15.0-3) ...
Setting up sssd-ldap (1.15.0-3) ...
Setting up sssd-proxy (1.15.0-3) ...
Setting up sssd-ad (1.15.0-3) ...
Setting up sssd-ipa (1.15.0-3) ...
Setting up sssd (1.15.0-3) ...
Processing triggers for libc-bin (2.24-11+deb9u4) ...
Processing triggers for systemd (232-25+deb9u9) ...
user at host-debian9:~$ journalctl -xe
Hint: You are currently not seeing messages from other users and the system.
      Users in the 'systemd-journal' group can see all messages. Pass -q to
      turn off this notice.
No journal files were opened due to insufficient permissions.
user at host-debian9:~$ sudo -i
[sudo] password for user:
root at host-debian9:~# journalctl -xe
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit apt-daily.service has begun starting up.
Jan 15 11:46:08 host-debian9 systemd[1]: Started Run anacron jobs.
-- Subject: Unit anacron.service has finished start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit anacron.service has finished starting up.
--
-- The start-up result is done.
Jan 15 11:46:08 host-debian9 anacron[3321]: Anacron 2.3 started on 2020-01-15
Jan 15 11:46:08 host-debian9 anacron[3321]: Will run job `cron.daily' in 5 min.
Jan 15 11:46:08 host-debian9 anacron[3321]: Will run job `cron.weekly' in 10 min.
Jan 15 11:46:08 host-debian9 anacron[3321]: Will run job `cron.monthly' in 15 min.
Jan 15 11:46:08 host-debian9 anacron[3321]: Jobs will be executed sequentially
Jan 15 11:46:11 host-debian9 systemd[1]: Started Daily apt download activities.
-- Subject: Unit apt-daily.service has finished start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit apt-daily.service has finished starting up.
--
-- The start-up result is done.
Jan 15 11:46:11 host-debian9 systemd[1]: apt-daily.timer: Adding 1h 10min 58.874212s random time.
Jan 15 11:46:11 host-debian9 systemd[1]: apt-daily.timer: Adding 11h 32min 13.004456s random time.
Jan 15 11:46:11 host-debian9 systemd[1]: Starting Daily apt upgrade and clean activities...
-- Subject: Unit apt-daily-upgrade.service has begun start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit apt-daily-upgrade.service has begun starting up.
Jan 15 11:47:05 host-debian9 sudo[3614]: user : problem with defaults entries ; TTY=pts/0 ; PWD=/home/us
Jan 15 11:47:08 host-debian9 sudo[3614]: user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/bi
Jan 15 11:47:08 host-debian9 sudo[3614]: pam_unix(sudo:session): session opened for user root by (uid=0)
root at host-debian9:~# ls -l /etc/sssd/sssd.conf
-rw------- 1 root root 0 Mar 29  2019 /etc/sssd/sssd.conf
root at host-debian9:~# ls -ld /etc/sssd
drwx--x--x 3 sssd sssd 4096 Mar 29  2019 /etc/sssd
root at host-debian9:~# systemctl restart sssd
Job for sssd.service failed because the control process exited with error code.
See "systemctl status sssd.service" and "journalctl -xe" for details.
root at host-debian9:~# journalctl -xe
-- Subject: Unit apt-daily.service has finished start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit apt-daily.service has finished starting up.
--
-- The start-up result is done.
Jan 15 11:46:11 host-debian9 systemd[1]: apt-daily.timer: Adding 1h 10min 58.874212s random time.
Jan 15 11:46:11 host-debian9 systemd[1]: apt-daily.timer: Adding 11h 32min 13.004456s random time.
Jan 15 11:46:11 host-debian9 systemd[1]: Starting Daily apt upgrade and clean activities...
-- Subject: Unit apt-daily-upgrade.service has begun start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit apt-daily-upgrade.service has begun starting up.
Jan 15 11:47:05 host-debian9 sudo[3614]: user : problem with defaults entries ; TTY=pts/0 ; PWD=/home/us
Jan 15 11:47:08 host-debian9 sudo[3614]: user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/bi
Jan 15 11:47:08 host-debian9 sudo[3614]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:47:58 host-debian9 systemd[1]: Starting System Security Services Daemon...
-- Subject: Unit sssd.service has begun start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit sssd.service has begun starting up.
Jan 15 11:47:59 host-debian9 sssd[3627]: SSSD couldn't load the configuration database [5]: Input/output err
Jan 15 11:47:59 host-debian9 systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSI
Jan 15 11:47:59 host-debian9 systemd[1]: Failed to start System Security Services Daemon.
-- Subject: Unit sssd.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit sssd.service has failed.
--
-- The result is failed.
Jan 15 11:47:59 host-debian9 systemd[1]: sssd.service: Unit entered failed state.
Jan 15 11:47:59 host-debian9 systemd[1]: sssd.service: Failed with result 'exit-code'.
root at host-debian9:~#

I have tried several different combinations of permissions and ownership (between sssd and root users) for the sssd.conf config file and the service still will not start, giving the same status=4/permission error each time, saying the sssd.conf file cannot be read.


I am using Debian 9 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_x64 GNU/Linux

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-sssd-devel/attachments/20200115/9979d944/attachment-0001.html>

More information about the Pkg-sssd-devel mailing list