Red Hat Bugzilla – Bug 1287100
Unable to restart sssd due to world readable file permissions for /etc/sssd/sssd.conf
Last modified: 2015-12-01 09:53:21 EST
Created attachment 1100926
Description of problem:
While installing the IPA client on a test machine, I found that the SSSD service always fails to restart. Found that:
# ls -lh /etc/sssd/sssd.conf
-rw-r--r--. 1 root root 483 Dec 1 19:12 /etc/sssd/sssd.conf
Changing permissions from 644 to 600 fixes the issue.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Try to enroll system into IPA environment using 'ipa-client-install'
ipa-client-install fails to restart sssd service
ipa-client-install should be able to restart sssd service
ipa-client-install can restart service sssd after changing permission to 600 for file /etc/sssd/sssd.conf
Since ipa-client-install configures SSSD I think ipa-client-install should make sure that the permissions on the file are correct.
Moving to ipa.
It's not a bug in sssd. It's expected behaviour.
The file /etc/sssd/sssd.conf should be readable only by root.
sh# ls -l /etc/sssd/sssd.conf
-rw-------. 1 root root 4334 Dec 1 13:29 /etc/sssd/sssd.conf
Did you have /etc/sssd/sssd.conf on your machine before enrolling to the IPA server?
If the file did not exist then it might be an issue in ipa-client.
sssd sets the umask to 0o177 in the method write (class SSSDConfig):
    # umask 0o177 leaves only owner read/write (0600) on a newly created file
    old_umask = os.umask(0o177)
    of = open(outputfile, "wb")
    output = self.dump(self.opts).encode('utf-8')
Closing bz as CLOSED NOTABUG, as the file permissions for /etc/sssd/sssd.conf got changed due to mis-configuration.
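Added example, not part of the original bug report and not SSSD or IPA code: it shows why the question about a pre-existing /etc/sssd/sssd.conf matters, since a umask only applies when open() creates a file and an existing 0644 file keeps its mode when rewritten. The function names, the temp-dir file names and the hardened write variant are assumptions made for illustration.

```python
import os
import stat
import tempfile


def write_with_umask(path, data):
    """Write the way the quoted excerpt does: set umask 0o177, then open(path, 'wb')."""
    old_umask = os.umask(0o177)
    try:
        with open(path, "wb") as of:
            of.write(data)
    finally:
        os.umask(old_umask)
    return stat.S_IMODE(os.stat(path).st_mode)


def write_enforcing_mode(path, data, mode=0o600):
    """Hypothetical hardened variant: force the mode even if the file already exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(fd, mode)  # creation mode and umask are ignored for existing files
        f.write(data)
    return stat.S_IMODE(os.stat(path).st_mode)


def mode_problems(path, owner_uid=0):
    """Flag a config file not owned by owner_uid or accessible to group/other."""
    st, findings = os.stat(path), []
    if st.st_uid != owner_uid:
        findings.append("owner uid %d, expected %d" % (st.st_uid, owner_uid))
    if stat.S_IMODE(st.st_mode) & 0o077:
        findings.append("mode %04o grants group/other access" % stat.S_IMODE(st.st_mode))
    return findings


def demo():
    """Constructed scenario in a temp dir; never touches /etc/sssd."""
    conf = b"[sssd]\n"  # constructed sample content
    with tempfile.TemporaryDirectory() as d:
        fresh, stale = os.path.join(d, "fresh.conf"), os.path.join(d, "stale.conf")
        with open(stale, "wb") as f:
            f.write(b"old\n")
        os.chmod(stale, 0o644)  # pre-existing, world-readable file
        fresh_mode = write_with_umask(fresh, conf)  # created: umask applies
        stale_mode = write_with_umask(stale, conf)  # reused: mode unchanged
        findings = mode_problems(stale, owner_uid=os.geteuid())
        fixed_mode = write_enforcing_mode(stale, conf)
    return fresh_mode, stale_mode, findings, fixed_mode
```

On a real host the check would be called as mode_problems("/etc/sssd/sssd.conf") with the default owner_uid=0, matching the root-only 0600 listing shown in the thread.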