I noticed this when I enabled POSIX ACLs to configure a directory-specific umask. Each time I restarted sssd, the following files' permissions were not world writable or readable.
    /var/lib/sssd/pipe/nss
    /var/lib/sssd/pipe/pam
This creates the following error when logging in: id: cannot find name for user ID
    [sidecontrol@heavy:~]# ssh sidecontrol.com
    Last login: Thu Nov 24 01:41:16 2011 from sidecontrol.com
    id: cannot find name for user ID 2000
    id: cannot find name for group ID 1000
    id: cannot find name for user ID 2000
    [I have no name!@heavy:~]#
This does not prevent you from logging in, but it will prevent you from using your sudoers file to escalate your privileges.
/var/lib/sss/ permissions
    [I have no name!@heavy:/var/lib/sss/pipes]# ls -ltrh
    total 16K
    drwx------+ 2 root root 4.0K Nov 24 01:41 private
    srw--w-r--+ 1 root root 0 Nov 24 01:41 pam
    srw--w-r--+ 1 root root 0 Nov 24 01:41 nss
    [I have no name!@heavy:/var/lib/sss/pipes]# getfacl nss
    # file: nss
    # owner: root
    # group: root
    user::rw-
    group::r-x #effective:---
    mask::-w-
    other::r--
A simple chmod 666 on the files resolved the issue.
    [root@heavy:~]# cd /var/lib/sss/pipes/
    [root@heavy:/var/lib/sss/pipes]# ls
    nss pam private
    [root@heavy:/var/lib/sss/pipes]# chmod 666 nss pam
    [root@heavy:/var/lib/sss/pipes]# su - sidecontrol
    [sidecontrol@heavy:~]#
However, this happens each time I restart SSSD; this did not happen on a machine without the POSIX ACLs. Granted, I can set up an ACL to force all files to be read-write in that folder, but it seems like it might be worth taking a look at. I hope this helps.
Cheers.
I haven't been able to reproduce this. We explicitly set umask to 111 before creating the socket.
Can you check if there are any default ACLs set with "getfacl /var/lib/sss/pipes" ?
After restarting sssd, these are the pipes permissions.
    # file: var/lib/sss/pipes
    # owner: root
    # group: root
    user::rwx
    group::r-x
    other::r-x
    default:user::rwx
    default:group::r-x #effective:---
    default:mask::-w-
    default:other::r-x
As seen in the getfacl output, /var/lib/sss/pipes has default ACLs. That affects the permissions on the newly created files inside it.
Can you try running:
setfacl --remove-default /var/lib/sss/pipes/
and then restarting SSSD? That should fix your problem.
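Added example (not part of the original ticket and not SSSD code): a small Python model of the acl(5) object-creation rules, run on the getfacl output quoted above, showing why the sockets come out as rw--w-r-- while the default ACL is present and rw-rw-rw- once it is removed. It assumes the socket is requested with mode 0666, consistent with the umask of 111 mentioned above; the function names are hypothetical.

```python
# Added example: models how a directory's default ACL shapes a new file's mode (acl(5)).
# The getfacl text below is copied from this ticket; function names are hypothetical.
THREAD_GETFACL = """\
# file: var/lib/sss/pipes
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x #effective:---
default:mask::-w-
default:other::r-x
"""

def parse_default_acl(getfacl_text):
    """Return {tag: perms} for the unnamed 'default:' entries in getfacl output."""
    entries = {}
    for line in getfacl_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop '# file:' and '#effective:' comments
        if not line.startswith("default:"):
            continue
        tag, qualifier, perms = line[len("default:"):].split(":")
        if qualifier == "":                        # named user/group entries have no mode bits
            entries[tag] = perms
    return entries

def bits(perms):
    """Convert 'r-x' style text to its 3-bit value."""
    return sum(v for ch, v in zip(perms, (4, 2, 1)) if ch != "-")

def created_mode(requested, umask, default_acl):
    """Mode bits of a file created with `requested` under `umask` in the directory."""
    if not default_acl:                            # no default ACL: the umask applies
        return requested & ~umask & 0o777
    # With a default ACL the umask is ignored: the new file inherits the default
    # entries, then each class is limited to the bits in the requested mode.
    group_class = default_acl.get("mask", default_acl["group"])
    inherited = (bits(default_acl["user"]) << 6
                 | bits(group_class) << 3
                 | bits(default_acl["other"]))
    return inherited & requested

def mode_string(mode):
    return "".join(ch if mode & (1 << (8 - i)) else "-"
                   for i, ch in enumerate("rwxrwxrwx"))

if __name__ == "__main__":
    acl = parse_default_acl(THREAD_GETFACL)
    print("with default ACL:   ", mode_string(created_mode(0o666, 0o111, acl)))
    print("default ACL removed:", mode_string(created_mode(0o666, 0o111, {})))
```

The group-class bits shown by ls are the ACL mask, so the default:mask::-w- entry is what leaves the sockets unreadable to any group entry; other still gets r-- but cannot write to the socket.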
Did the trick, thank you.
I'm glad it works now. Closing the ticket.
resolution: => invalid
status: new => closed
Fields changed
rhbz: => 0
milestone: NEEDS_TRIAGE => void
Metadata Update from @sidecontrol: - Issue set to the milestone: void
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2140
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.