On Wed, Sep 3, 2025 at 12:25 AM Alexey Tikhonov <[email protected]> wrote: > > > > On Tue, Sep 2, 2025 at 6:26 PM Travis Bean via sssd-users > <[email protected]> wrote: >> >> I moved sssd.conf from /etc/sssd/conf.d to /etc/sssd and set the >> permissions to chmod 0600, and now it starts. Take a look at this: >> https://www.seimaxim.com/linux/sssd-fails-to-start-with-error-file-ownership-and-permissions-check-failed > > Moreover, as I wrote, ownership and access mode requirements are different > for sssd-2.9- and sssd-2.10+ > What you wrote seems to apply to sssd-2.9 - LTM branch. > For sssd-2.10 recommended mode is 640 and ownership 'root:sssd'
It would be a good idea for this information about file ownership and permission requirements to be included in documentation located at /usr/share/doc/sssd-common/README. sssd.conf is not installed by default to /etc/sssd. There is an example configuration file located at /usr/share/doc/sssd-common/examples/sssd-example.conf, but it has permissions of 0644 and is owned by root:root. When troubleshooting the error message "File ownership and permissions check failed" that was displayed when I debugged SSSD, I googled the error message, and there are two web pages that provide a resolution. The first web page is https://access.redhat.com/solutions/6814561, but when I tried to log in with my Red Hat developer account, it said, "An active Red Hat subscription is required to participate." The second web page is the link I provided in my last email. This must be a common problem that needs to be addressed. By the way, I am running SSSD version 2.8.2-4. Kind regards, Travis Bean -- _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
