Bug 1287100
Summary: | Unable to restart sssd due to world readable file permissions for /etc/sssd/sssd.conf | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Abhijeet Kasurde <akasurde> | ||||
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | ||||
Status: | CLOSED NOTABUG | QA Contact: | Namita Soman <nsoman> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 7.2 | CC: | grajaiya, jgalipea, jhrozek, lslebodn, mkosek, mzidek, pbrezina, preichl, rcritten, sbose | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-12-01 14:53:21 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Since ipa-client-install configures SSSD I think ipa-client-install should make sure that the permissions on the file are correct. Moving to ipa. It's not bug in sssd. It's expected behaviour. The file /etc/sssd/sssd.conf should be readable only by root. sh# ls -l /etc/sssd/sssd.conf -rw-------. 1 root root 4334 Dec 1 13:29 /etc/sssd/sssd.conf Did you have /etc/sssd/sssd.conf on you machine before enrolling to IPA server? If the file did not exist then it might be an issue in ipa-client. sssd set umast to 0o177 in method write (class SSSDConfig) /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py 1468 old_umask = os.umask(0o177) 1469 of = open(outputfile, "wb") 1470 output = self.dump(self.opts).encode('utf-8') 1471 of.write(output) 1472 of.close() 1473 os.umask(old_umask) Closing bz as CLOSED NOTABUG as due to mis-configuration file permissions got changed for /etc/sssd/sssd.conf. |
Created attachment 1100926 [details] ipa-client-install.log Description of problem: While installing IPA client on test machine found that SSSD service always fails to restart. Found that # ls -lh /etc/sssd/sssd.conf -rw-r--r--. 1 root root 483 Dec 1 19:12 /etc/sssd/sssd.conf changing permissions from 644 to 600 fixes issue. Version-Release number of selected component (if applicable): sssd-1.13.0-39.el7.x86_64 How reproducible: 100% Steps to Reproduce: 1. Try to enroll system into IPA environment using 'ipa-client-install' 2. Actual results: ipa-client-install fails to restart sssd service Expected results: ipa-client-install should be able to restart sssd service Additional info: ipa-client-install can restart service sssd after changing permission to 600 for file /etc/sssd/sssd.conf