Bug 1897205 - SSSD fails to start when run as non-root user
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: 33
Hardware: Unspecified
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: sssd-maintainers
QA Contact: Fedora Extras Quality Assurance
Reported: 2020-11-12 15:01 UTC by Amith
Modified: 2021-01-20 08:20 UTC

Last Closed: 2021-01-20 08:20:23 UTC
Type: Bug

Description Amith 2020-11-12 15:01:43 UTC
Description of problem:
SSSD service fails to restart when "user = sssd" is set in SSSD.CONF. We don't see this behaviour in downstream RHEL-8.3 / RHEL-8.4 systems.


Version-Release number of selected component (if applicable):
sssd-2.4.0-2.fc33.x86_64
libsss_simpleifp-2.4.0-2.fc33.x86_64

How reproducible: Always


Steps to Reproduce:
1. Configure sssd.conf as follows:

[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam, ifp
debug_level = 0xFFF0
user = sssd

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[ifp]
allowed_uids = root
user_attributes = +mail, +givenname, +sn
debug_level = 0xFFF0

2. Restart the SSSD service; it fails with an error.

# systemctl restart sssd; systemctl status sssd
Job for sssd.service failed because the control process exited with error code.
See "systemctl status sssd.service" and "journalctl -xe" for details.
● sssd.service - System Security Services Daemon
     Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
     Active: activating (auto-restart) (Result: exit-code) since Thu 2020-11-12 20:27:20 IST; 10ms ago
    Process: 6678 ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER} (code=exited, status=4)
   Main PID: 6678 (code=exited, status=4)
        CPU: 15ms

Nov 12 20:27:20 mojito.redhat.com systemd[1]: Failed to start System Security Services Daemon.

3. Below is the sssd.log contents, logged right after service restart:

(2020-11-12 20:27:20): [sssd] [monitor_quit_signal] (0x2000): Received shutdown command
(2020-11-12 20:27:20): [sssd] [monitor_quit_signal] (0x0040): Monitor received Terminated: terminating children
(2020-11-12 20:27:20): [sssd] [monitor_quit] (0x0040): Returned with: 0
(2020-11-12 20:27:20): [sssd] [monitor_quit] (0x0020): Terminating [ifp][6526]
(2020-11-12 20:27:20): [sssd] [monitor_quit] (0x0020): Child [ifp] exited gracefully
(2020-11-12 20:27:20): [sssd] [monitor_quit] (0x0020): Terminating [pam][6525]
(2020-11-12 20:27:20): [sssd] [monitor_quit] (0x0020): Child [pam] terminated with a signal
(2020-11-12 20:27:20): [sssd] [monitor_quit] (0x0020): Terminating [nss][6524]
(2020-11-12 20:27:20): [sssd] [monitor_quit] (0x0020): Child [nss] exited gracefully
(2020-11-12 20:27:20): [sssd] [monitor_quit] (0x0020): Terminating [implicit_files][6523]
(2020-11-12 20:27:20): [sssd] [monitor_quit] (0x0020): Child [implicit_files] exited gracefully
(2020-11-12 20:27:20): [sssd] [watch_ctx_destructor] (0x2000): Closing inotify fd 0
(2020-11-12 20:27:20:592247): [sssd] [get_service_user] (0x0010): Failed to set allowed UIDs.
(2020-11-12 20:27:20:592289): [sssd] [get_monitor_config] (0x0020): Failed to get the unprivileged user
(2020-11-12 20:27:20:592325): [sssd] [main] (0x0020): SSSD couldn't load the configuration database.
(2020-11-12 20:27:20:860946): [sssd] [get_service_user] (0x0010): Failed to set allowed UIDs.
(2020-11-12 20:27:20:861023): [sssd] [get_monitor_config] (0x0020): Failed to get the unprivileged user
(2020-11-12 20:27:20:861077): [sssd] [main] (0x0020): SSSD couldn't load the configuration database.
(2020-11-12 20:27:21:099530): [sssd] [get_service_user] (0x0010): Failed to set allowed UIDs.
(2020-11-12 20:27:21:099570): [sssd] [get_monitor_config] (0x0020): Failed to get the unprivileged user
(2020-11-12 20:27:21:099609): [sssd] [main] (0x0020): SSSD couldn't load the configuration database.
(2020-11-12 20:27:21:354551): [sssd] [get_service_user] (0x0010): Failed to set allowed UIDs.
(2020-11-12 20:27:21:354631): [sssd] [get_monitor_config] (0x0020): Failed to get the unprivileged user
(2020-11-12 20:27:21:354678): [sssd] [main] (0x0020): SSSD couldn't load the configuration database.
(2020-11-12 20:27:21:596433): [sssd] [get_service_user] (0x0010): Failed to set allowed UIDs.
(2020-11-12 20:27:21:596565): [sssd] [get_monitor_config] (0x0020): Failed to get the unprivileged user
(2020-11-12 20:27:21:596672): [sssd] [main] (0x0020): SSSD couldn't load the configuration database.



Actual results:
SSSD fails to restart.

Expected results:
Like rhel-8.4, sssd service should restart without issues.

Additional info:

Comment 1 Alexey Tikhonov 2020-11-12 17:33:03 UTC
Hi,

1) I would expect 0x0040 level message from `sss_user_by_name_or_uid()` in the log.

Does sssd.conf correspond to the log provided? (I don't see `debug_microseconds` enabled in sssd.conf, but microseconds are in the log.)

2) could you please provide output of `id sssd` on this system?

Comment 2 Amith 2020-11-19 11:40:40 UTC
(In reply to Alexey Tikhonov from comment #1)
> Hi,
> 
> 1) I would expect 0x0040 level message from `sss_user_by_name_or_uid()` in
> the log.

With debug_level = 0x0040 set in the SSSD section, I could get only the following data from the sssd.log file:

# cat sssd.log 
(2020-11-19  6:37:18:819963): [sssd] [get_service_user] (0x0010): Failed to set allowed UIDs.
(2020-11-19  6:37:18:820023): [sssd] [get_monitor_config] (0x0020): Failed to get the unprivileged user
(2020-11-19  6:37:18:820062): [sssd] [main] (0x0020): SSSD couldn't load the configuration database.
(2020-11-19  6:37:18:996977): [sssd] [get_service_user] (0x0010): Failed to set allowed UIDs.
(2020-11-19  6:37:18:997013): [sssd] [get_monitor_config] (0x0020): Failed to get the unprivileged user
(2020-11-19  6:37:18:997051): [sssd] [main] (0x0020): SSSD couldn't load the configuration database.
(2020-11-19  6:37:19:232383): [sssd] [get_service_user] (0x0010): Failed to set allowed UIDs.
(2020-11-19  6:37:19:232440): [sssd] [get_monitor_config] (0x0020): Failed to get the unprivileged user
(2020-11-19  6:37:19:232487): [sssd] [main] (0x0020): SSSD couldn't load the configuration database.
(2020-11-19  6:37:19:491074): [sssd] [get_service_user] (0x0010): Failed to set allowed UIDs.
(2020-11-19  6:37:19:491112): [sssd] [get_monitor_config] (0x0020): Failed to get the unprivileged user
(2020-11-19  6:37:19:491147): [sssd] [main] (0x0020): SSSD couldn't load the configuration database.
(2020-11-19  6:37:19:743258): [sssd] [get_service_user] (0x0010): Failed to set allowed UIDs.
(2020-11-19  6:37:19:743302): [sssd] [get_monitor_config] (0x0020): Failed to get the unprivileged user
(2020-11-19  6:37:19:743351): [sssd] [main] (0x0020): SSSD couldn't load the configuration database.

Here are the sssd.conf settings:

# cat /etc/sssd/sssd.conf 
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam, ifp
debug_level = 0x0040
user = sssd

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[ifp]
allowed_uids = root
user_attributes = +mail, +givenname, +sn
debug_level = 0x0040

> 
> Does sssd.conf correspond to the log provided? (I don't see `debug_microseconds`
> enabled in sssd.conf, but microseconds are in the log.)
> 
> 2) could you please provide output of `id sssd` on this system?

In the case of RHEL-8.4.0, the "sssd" user gets created automatically. Here is the sssd rpm version and id command output:
# rpm -q sssd
sssd-2.3.0-9.el8.x86_64

# id sssd
uid=996(sssd) gid=993(sssd) groups=993(sssd)

In the case of Fedora-33, the "sssd" user is not created at all.
# rpm -q sssd
sssd-2.4.0-2.fc33.x86_64

# id sssd
id: ‘sssd’: no such user

Comment 3 Alexey Tikhonov 2020-11-23 21:51:51 UTC
(In reply to Amith from comment #2)
> > 
> > 2) could you please provide output of `id sssd` on this system?
> 
> In the case of RHEL-8.4.0, "sssd" user gets created automatically.

On RHEL, the corresponding user and group are created during package installation via the `%pre` section in the spec file.


> In the case of Fedora-33, "sssd" user is not created at all.

The spec file in Fedora is different and doesn't create that user/group.


So please either create user/group manually and close this BZ as "notabug" or convert this BZ to RFE (but I'm not sure if it makes much sense).
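
Added example (not part of the bug report and not SSSD code): a preflight check for the condition identified in comments 2 and 3, where `user = sssd` names an account that does not exist on the host. The function names `sssd_conf_user` and `check_sssd_user` are hypothetical; the script reads the `user` option from the `[sssd]` section only and looks the account up with `id`, as in comment 2.

```shell
#!/bin/sh
# Added example: verify that the account named by "user =" in the
# [sssd] section exists before restarting the service.

# Print the value of "user" from the [sssd] section of file $1.
# Prints nothing if the option is absent from that section.
sssd_conf_user() {
    awk '
        /^[ \t]*\[/ {                       # section header line
            sub(/^[ \t]*\[/, ""); sub(/\].*$/, "")
            in_sssd = ($0 == "sssd"); next
        }
        in_sssd && /^[ \t]*user[ \t]*=/ {   # option inside [sssd] only
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; exit
        }
    ' "$1"
}

# Return 0 if the option is unset or the account exists,
# 1 if the configured account is missing (the state seen on Fedora 33
# in this report), 2 if the file cannot be read.
check_sssd_user() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    user=$(sssd_conf_user "$conf")
    if [ -z "$user" ]; then
        echo "user is not set in [sssd]; nothing to check"
        return 0
    fi
    if id -u "$user" >/dev/null 2>&1; then
        echo "ok: $user exists (uid=$(id -u "$user") gid=$(id -g "$user"))"
        return 0
    fi
    echo "missing: account '$user' named by 'user =' does not exist"
    return 1
}

# Run the check only when a config path is given on the command line,
# e.g.  sh check.sh /etc/sssd/sssd.conf
if [ "$#" -gt 0 ]; then
    check_sssd_user "$1"
fi
```
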

Comment 4 Amith 2021-01-20 08:20:23 UTC
Closing this bug based on comment #2.

