commit: ac14cc65b3d81cb22f5ad05307204b71e76ec8f1 Author: Christopher Byrne <salah.coronya <AT> gmail <DOT> com> AuthorDate: Thu Jan 22 02:46:46 2026 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Wed Feb 11 00:58:51 2026 +0000 URL: https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=ac14cc65
2026-02-11-sssd-2_12-keywording: Add news item Upgrading to sys-auth/sssd-2.12 from version <2.10.0 requires new permissions on the /var/lib/sss, /var/lib/sssd/ and /etc/sssd directories. Bug: https://bugs.gentoo.org/966684 Signed-off-by: Christopher Byrne <salah.coronya <AT> gmail.com> Signed-off-by: Sam James <sam <AT> gentoo.org> .../2026-02-11-sssd-2_12-keywording.en.txt | 33 ++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/2026-02-11-sssd-2_12-keywording/2026-02-11-sssd-2_12-keywording.en.txt b/2026-02-11-sssd-2_12-keywording/2026-02-11-sssd-2_12-keywording.en.txt new file mode 100644 index 0000000..5da7276 --- /dev/null +++ b/2026-02-11-sssd-2_12-keywording/2026-02-11-sssd-2_12-keywording.en.txt @@ -0,0 +1,33 @@ +Title: sssd to run as a dedicated user +Author: Christopher Byrne <[email protected]> +Posted: 2026-02-11 +Revision: 1 +News-Item-Format: 2.0 +Display-If-Installed: sys-auth/sssd + +sssd now runs as its own user, rather than root, and uses file +capabiltites for its helpers. Although it had this functionalilty for +a while, it wasn't completely usable until 2.10. + +Because of the user change, the sssd database, logs, and +configuration files must have their ownership changed. + +== Systemd users == +After upgrading sssd, stop the sssd service. Then execute the following +commands: + +chown -R sssd:sssd /var/lib/sss +chown -R sssd:sssd /var/log/sssd + +Then restart the sssd service and verify it launched succesfully. + +== openrc users === + +After upgrading sssd, stop the sssd service. Then execute the following +commands: + +chown -R sssd:sssd /var/lib/sss +chown -R sssd:sssd /var/log/sssd +chown -R root:sssd /etc/sssd + +Then restart the sssd service and verify it launched succesfully.
