Bug 1733372 - permission denied on logs when running sssd as non-root user
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: sssd
Version: 8.1
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 8.0
Assignee: SSSD Maintainers
QA Contact: Scott Poore
Reported: 2019-07-25 20:26 UTC by Scott Poore
Modified: 2019-11-05 22:35 UTC (History)

Fixed In Version: sssd-2.2.0-11.el8
Last Closed: 2019-11-05 22:34:54 UTC
Type: Bug




Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:3651 None None None 2019-11-05 22:35:01 UTC

Description Scott Poore 2019-07-25 20:26:08 UTC
Description of problem:

Attempting to switch sssd from running as root to running as sssd user results in errors about sssd accessing log files.


[root@rhel8-2 sssd]# vim /etc/sssd/sssd.conf
[root@rhel8-2 sssd]# systemctl restart sssd

Broadcast message from systemd-journald@rhel8-2.example.com (Thu 2019-07-25 15:20:54 CDT):

sssd[pam][8080]: Could not open file [/var/log/sssd/p11_child.log]. Error: [13][Permission denied]


Version-Release number of selected component (if applicable):
sssd-2.2.0-3.el8.x86_64

How reproducible:
always

Steps to Reproduce:
1.  set up sssd with debug_level = 9 on all sections
2.  in [sssd] add "user = sssd"
3.  systemctl restart sssd

Actual results:
Errors like above and does not start

Expected results:
no errors and runs.  Also, chowns all logs to running user.


Additional info:
Jakub found that it was just missing for child log files I think.

Comment 2 Sumit Bose 2019-08-06 07:55:35 UTC
Upstream ticket:
https://pagure.io/SSSD/sssd/issue/4056

Comment 3 Sumit Bose 2019-08-07 17:12:51 UTC
Master:
 - 9339c445b4b98a28146ff834fec2af42bd3a6340
 - 8119ee216a9471ed2f01b16ed17068f5dc8b83cb
 - e9091aba9c0cbcc1f00f5f0656c200554cc485a3

Comment 5 Scott Poore 2019-08-19 13:44:57 UTC
Verified.

Version ::

sssd-2.2.0-11.el8.x86_64

Results ::

[root@rhel8-2 yum.local.d]# vim /etc/sssd/sssd.conf

[root@rhel8-2 yum.local.d]# grep user /etc/sssd/sssd.conf
user = sssd

[root@rhel8-2 yum.local.d]# ls -l /var/log/sssd/*.log
-rw-------. 1 root root         0 Aug  8 03:29 /var/log/sssd/krb5_child.log
-rw-------. 1 root root   5627552 Aug  9 12:36 /var/log/sssd/ldap_child.log
-rw-------. 1 root root    391311 Aug  6 10:22 /var/log/sssd/p11_child.log
-rw-------. 1 root root    272192 Aug  6 10:22 /var/log/sssd/selinux_child.log
-rw-------. 1 root root 104811401 Aug  9 12:38 /var/log/sssd/sssd_example.com.log
-rw-------. 1 root root      5886 Aug  9 12:36 /var/log/sssd/sssd_implicit_files.log
-rw-------. 1 root root      1974 Aug  7 17:00 /var/log/sssd/sssd_kcm.log
-rw-------. 1 root root   6524011 Aug  9 12:36 /var/log/sssd/sssd.log
-rw-------. 1 root root 176199037 Aug  9 12:38 /var/log/sssd/sssd_nss.log
-rw-------. 1 root root   3631474 Aug  9 12:36 /var/log/sssd/sssd_pac.log
-rw-------. 1 root root  18585051 Aug  9 12:36 /var/log/sssd/sssd_pam.log
-rw-------. 1 root root   5804697 Aug  9 12:36 /var/log/sssd/sssd_ssh.log
-rw-------. 1 root root   3935480 Aug  9 12:36 /var/log/sssd/sssd_sudo.log

[root@rhel8-2 yum.local.d]# systemctl restart sssd

[root@rhel8-2 yum.local.d]# ls -l /var/log/sssd/*.log
-rw-------. 1 sssd sssd         0 Aug  8 03:29 /var/log/sssd/krb5_child.log
-rw-------. 1 sssd sssd   5639229 Aug  9 12:38 /var/log/sssd/ldap_child.log
-rw-------. 1 sssd sssd    391311 Aug  6 10:22 /var/log/sssd/p11_child.log
-rw-------. 1 sssd sssd    272192 Aug  6 10:22 /var/log/sssd/selinux_child.log
-rw-------. 1 sssd sssd 105233672 Aug  9 12:38 /var/log/sssd/sssd_example.com.log
-rw-------. 1 sssd sssd      5995 Aug  9 12:38 /var/log/sssd/sssd_implicit_files.log
-rw-------. 1 root root      1974 Aug  7 17:00 /var/log/sssd/sssd_kcm.log
-rw-------. 1 root root   6607983 Aug  9 12:38 /var/log/sssd/sssd.log
-rw-------. 1 sssd sssd 176387865 Aug  9 12:38 /var/log/sssd/sssd_nss.log
-rw-------. 1 sssd sssd   3688920 Aug  9 12:38 /var/log/sssd/sssd_pac.log
-rw-------. 1 sssd sssd  18658594 Aug  9 12:38 /var/log/sssd/sssd_pam.log
-rw-------. 1 sssd sssd   5872177 Aug  9 12:38 /var/log/sssd/sssd_ssh.log
-rw-------. 1 sssd sssd   4004258 Aug  9 12:38 /var/log/sssd/sssd_sudo.log
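
A check for the state verified in the listing above, added here as an example (it is not part of the bug report or of SSSD's code): it reads `user` from the `[sssd]` section of sssd.conf and lists log files owned by someone else. The function names, the fallback to root when `user` is unset, and the skipping of sssd.log and sssd_kcm.log (still root-owned in the listing above) are assumptions of this example.

```bash
# Added example: report SSSD log files not owned by the user set in sssd.conf.

# Print the value of "user" in the [sssd] section of the file $1, or "root"
# when it is not set (assumption: the report starts from sssd running as root).
configured_user() {
    awk -F= '
        /^[ \t]*\[/ { in_sssd = ($0 ~ /^[ \t]*\[sssd\][ \t]*$/); next }
        in_sssd && $1 ~ /^[ \t]*user[ \t]*$/ {
            gsub(/^[ \t]+|[ \t]+$/, "", $2); u = $2
        }
        END { print (u == "" ? "root" : u) }
    ' "$1"
}

# Print "<owner> <path>" for every *.log in directory $2 whose owner differs
# from the user configured in $1. Runs in a subshell so variables stay local.
misowned_logs() (
    want=$(configured_user "$1")
    for f in "$2"/*.log; do
        [ -e "$f" ] || continue
        case "${f##*/}" in
            # Root-owned after the fix in the listing on this page; skipped here.
            sssd.log|sssd_kcm.log) continue ;;
        esac
        owner=$(ls -ld "$f" | awk '{print $3}')
        [ "$owner" = "$want" ] || printf '%s %s\n' "$owner" "$f"
    done
)

if [ "$#" -eq 2 ]; then
    # Real use: pass the config file and the log directory as arguments.
    misowned_logs "$1" "$2"
else
    # Constructed fixture: logs belong to whoever runs this, config asks for sssd.
    tmp=$(mktemp -d)
    printf '[sssd]\ndebug_level = 9\nuser = sssd\n\n[pam]\ndebug_level = 9\n' > "$tmp/sssd.conf"
    : > "$tmp/p11_child.log"; : > "$tmp/sssd_pam.log"; : > "$tmp/sssd.log"
    misowned_logs "$tmp/sssd.conf" "$tmp"
    rm -rf "$tmp"
fi
```

Run with `/etc/sssd/sssd.conf /var/log/sssd` as arguments on a host; empty output means every checked log belongs to the configured user.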

Comment 7 errata-xmlrpc 2019-11-05 22:34:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3651

