This bug is created as a clone of upstream ticket:
When permissions or ownership on sssd.conf incorrect, we only print a DEBUG message saying:
"Insufficient permissions to read configurationfile."
We should a) hint that the expected permissions and ownership are 0600 root.root and b) print a syslog message in addition to a DEBUG message.
Verified the bug on SSSD Version: sssd-1.11.2-40.el7.x86_64
As part of verification, i gave incorrect permission to sssd.conf file. When attempted to start the service, following log files showed below given error messages:
1. /var/log/sssd/sssd.log -
(Wed Feb 26 17:35:13:974459 2014) [sssd] [load_configuration] (0x0010): ConfDB initialization has failed [Operation not permitted]
(Wed Feb 26 17:35:13:974509 2014) [sssd] [main] (0x0020): Cannot read config file /etc/sssd/sssd.conf. Please check if permissions are 0600 and the file is owned by root.root.
2. /var/log/messages -
Feb 26 17:35:13 rhel-7 sssd: Cannot read config file /etc/sssd/sssd.conf. Please check if permissions are 0600 and the file is owned by root.root.
Feb 26 17:35:13 rhel-7 systemd: sssd.service: control process exited, code=exited status=4
Feb 26 17:35:13 rhel-7 systemd: Failed to start System Security Services Daemon.
This request was resolved in Red Hat Enterprise Linux 7.0.
Contact your manager or support representative in case you have further questions about the request.