Bug 2311897

Summary: sssd_kcm service fails with `could not open file /var/lib/sss/secrets/secrets.ldb: Permission denied`
Product: [Fedora] Fedora Reporter: Michal Konecny <mkonecny>
Component: sssd Assignee: sssd-maintainers <sssd-maintainers>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 41 CC: abokovoy, atikhono, lslebodn, mkonecny, mzidek, pbrezina, sbose, ssorce, sssd-maintainers
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Last Closed: 2024-09-12 11:30:54 UTC Type: ---

Description Michal Konecny 2024-09-12 11:24:19 UTC
After rebasing to Fedora Silverblue 41 from Fedora Silverblue 40 I'm unable to generate a Kerberos ticket with `kinit: Connection refused while getting default ccache`. After some searching I found out that this needs the sssd_kcm service to be running.

But sssd_kcm fails with:
```
zář 12 13:13:00 zlopez-workstation sssd_kcm[16158]: ltdb: tdb(/var/lib/sss/secrets/secrets.ldb): tdb_open_ex: could not open file /var/lib/sss/secrets/secrets.ldb: Permission denied
zář 12 13:13:00 zlopez-workstation sssd_kcm[16158]: Unable to open tdb '/var/lib/sss/secrets/secrets.ldb': Permission denied
zář 12 13:13:00 zlopez-workstation sssd_kcm[16158]: Failed to connect to '/var/lib/sss/secrets/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/sss/secrets/secrets.ldb: Permission denied
zář 12 13:13:00 zlopez-workstation sssd_kcm[16158]: (2024-09-12 13:13:00): [kcm] [sss_sec_init] (0x0020): Failed to initialize secdb [5]: Input/output error
zář 12 13:13:00 zlopez-workstation sssd_kcm[16158]: (2024-09-12 13:13:00): [kcm] [ccdb_secdb_init] (0x0020): Cannot initialize the security database
zář 12 13:13:00 zlopez-workstation sssd_kcm[16158]: (2024-09-12 13:13:00): [kcm] [kcm_ccdb_init] (0x0020): Cannot initialize ccache database
zář 12 13:13:00 zlopez-workstation sssd_kcm[16158]: (2024-09-12 13:13:00): [kcm] [kcm_process_init] (0x0010): fatal error initializing responder data
```

Reproducible: Always

Steps to Reproduce:
1. systemctl start sssd_kcm

Actual Results:
Service fails to start

Expected Results:  
Service starts

Comment 1 Michal Konecny 2024-09-12 11:26:36 UTC
Here is the output of `ls -lh /var/log/sss/secrets/`:
```
total 2,5M
-rw-------. 1 root root 2,5M 12. zář 11.19 secrets.ldb
```

Comment 2 Alexey Tikhonov 2024-09-12 11:30:54 UTC

*** This bug has been marked as a duplicate of bug 2308428 ***