On Mon, Sep 1, 2025 at 4:51 AM Alexander Bokovoy via sssd-users <[email protected]> wrote:
> And all we need is at least one configuration file with the correct
> permissions. The logs say
>
> ----------------------------------------
> [sssd] [sss_ini_read_sssd_conf] (0x0100): File /etc/sssd/sssd.conf does
> not exist.
> [sssd] [sss_ini_add_snippets] (0x0020): Config merge error: File
> /etc/sssd/conf.d/sssd.conf did not pass access check. Skipping.
> ----------------------------------------
>
> So it means permissions of /etc/sssd/conf.d/sssd.conf are wrong.
>
> Sadly, there is no logged message that tells what is expected. Can
> this be added?

The man page does actually say what is expected, although somewhat
obliquely. According to sssd.conf(5):

> sssd.conf must be a regular file that is accessible only by the user
> used to run SSSD service or root.

In practice, this means:

(root, root, 0600) or (root, sssd, 0640)

The distro’s packaging of sssd will give you a strong hint. E.g.:

$ rpm -qlv $(rpm -qf /etc/sssd/sssd.conf) | grep /etc/sssd
drwxr-x--- 2 root sssd 0 Jun 4 20:00 /etc/sssd
drwxr-x--- 2 root sssd 0 Jun 4 20:00 /etc/sssd/conf.d
drwxr-x--- 2 root sssd 0 Jun 4 20:00 /etc/sssd/pki
-rw-r----- 1 root sssd 0 Jun 4 20:00 /etc/sssd/sssd.conf

So, on this system, /etc/sssd/sssd.conf and /etc/sssd/conf.d/*.conf
should be user root, group sssd, mode 0640.
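Added example, not part of the original message and not SSSD's own code: a shell audit that prints the found and expected ownership and mode for sssd.conf and each conf.d snippet, which is the detail the quoted log line omits. It assumes GNU stat and treats only the two triples named in the message as acceptable; the function names are hypothetical.

```shell
#!/bin/sh
# Accepted (owner, group, mode) triples, taken from the message above:
#   (root, root, 0600) or (root, sssd, 0640)

# Return 0 if owner/group/mode is one of the accepted triples.
sssd_perm_ok() {
    mode=${3#0}                      # accept "0640" as well as "640"
    case "$1:$2:$mode" in
        root:root:600|root:sssd:640) return 0 ;;
        *) return 1 ;;
    esac
}

# Check one file; on failure print what was found and what is expected.
check_sssd_file() {
    f=$1
    # sssd.conf(5) requires a regular file; test -L first because -f
    # follows symlinks.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL $f: not a regular file"
        return 1
    fi
    # GNU stat: %U owner name, %G group name, %a octal mode
    owner=$(stat -c %U -- "$f") || return 1
    group=$(stat -c %G -- "$f") || return 1
    perms=$(stat -c %a -- "$f") || return 1
    if sssd_perm_ok "$owner" "$group" "$perms"; then
        echo "OK   $f ($owner, $group, 0$perms)"
        return 0
    fi
    echo "FAIL $f: found ($owner, $group, 0$perms);" \
         "expected (root, root, 0600) or (root, sssd, 0640)"
    return 1
}

# Audit sssd.conf and every conf.d/*.conf snippet under a config dir.
audit_sssd_dir() {
    dir=${1:-/etc/sssd}
    rc=0
    for f in "$dir/sssd.conf" "$dir"/conf.d/*.conf; do
        # skip an absent sssd.conf or an unmatched glob
        [ -e "$f" ] || [ -L "$f" ] || continue
        check_sssd_file "$f" || rc=1
    done
    return $rc
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then audit_sssd_dir "$1"; fi
```

Run it as root (for example `sh audit.sh /etc/sssd`, with a file name of your choosing), since the packaged directories shown above are not readable by other users.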
