Bug 1059753

Summary: Warn with a user-friendly error message when permissions on sssd.conf are incorrect
Product: Red Hat Enterprise Linux 7 Reporter: Jakub Hrozek <jhrozek>
Component: sssd Assignee: Jakub Hrozek <jhrozek>
Status: CLOSED CURRENTRELEASE QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0 CC: apeetham, grajaiya, jgalipea, lslebodn, mkosek, pbrezina, preichl
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.11.2-39.el7 Doc Type: Bug Fix
Last Closed: 2014-06-13 12:42:43 UTC Type: ---

Description Jakub Hrozek 2014-01-30 14:58:53 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2208

When permissions or ownership on sssd.conf are incorrect, we only print a DEBUG message saying:

"Insufficient permissions to read configurationfile."

We should a) hint that the expected permissions and ownership are 0600 root.root and b) print a syslog message in addition to a DEBUG message.

Comment 2 Jakub Hrozek 2014-02-11 20:55:04 UTC
Pushed upstream:
    sssd-1-11: a54c7b1ccfd6e0a049da26afc3a2e87b332ec40e
    master: b3cc9b98966fa2d90172348c334b3b70c5261ab3

Comment 4 Amith 2014-02-26 12:12:08 UTC
Verified the bug on SSSD Version: sssd-1.11.2-40.el7.x86_64

As part of verification, I gave incorrect permissions to the sssd.conf file. When I attempted to start the service, the following log files showed the error messages given below:

1. /var/log/sssd/sssd.log -

(Wed Feb 26 17:35:13:974459 2014) [sssd] [load_configuration] (0x0010): ConfDB initialization has failed [Operation not permitted]
(Wed Feb 26 17:35:13:974509 2014) [sssd] [main] (0x0020): Cannot read config file /etc/sssd/sssd.conf. Please check if permissions are 0600 and the file is owned by root.root.

2. /var/log/messages -

Feb 26 17:35:13 rhel-7 sssd: Cannot read config file /etc/sssd/sssd.conf. Please check if permissions are 0600 and the file is owned by root.root.
Feb 26 17:35:13 rhel-7 systemd: sssd.service: control process exited, code=exited status=4
Feb 26 17:35:13 rhel-7 systemd: Failed to start System Security Services Daemon.

Comment 5 Ludek Smid 2014-06-13 12:42:43 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.