Christopher Byrne <[email protected]> writes: > Upgrading to sys-auth/sssd-2.12 from version <2.10.0 requires new > permissions on the /var/lib/sss, /var/lib/sssd/ and /etc/sssd > directories. > > Bug: https://bugs.gentoo.org/966684 > Signed-off-by: Christopher Byrne <[email protected]> > --- > .../2026-01-15-sssd-2_12-keywording.en.txt | 33 +++++++++++++++++++ > 1 file changed, 33 insertions(+) > create mode 100644 > 2026-01-15-sssd-2_12-keywording/2026-01-15-sssd-2_12-keywording.en.txt > > diff --git > a/2026-01-15-sssd-2_12-keywording/2026-01-15-sssd-2_12-keywording.en.txt > b/2026-01-15-sssd-2_12-keywording/2026-01-15-sssd-2_12-keywording.en.txt > new file mode 100644 > index 0000000..1a4b6bd > --- /dev/null > +++ b/2026-01-15-sssd-2_12-keywording/2026-01-15-sssd-2_12-keywording.en.txt > @@ -0,0 +1,33 @@ > +Title: sssd to run as a dedicated user > +Author: Christopher Byrne <[email protected]> > +Posted: 2027-01-15
2026 :) > +Revision: 1 > +News-Item-Format: 2.0 > +Display-If-Installed: <sys-sys/sssd-2.10 I think this ends up being counterproductive, because users will only see it if they emerge --sync and DON'T do a world upgrade to get new sssd. Let's just make it unversioned IMO: sys-auth/sssd (Also, typo: sys-sys vs sys-auth). > + > +sssd now runs as its own user, rather than root, and uses file > +capabiltites for its helpers. Although it had this functionalilty for > +a while, it wasn't completely usable unttil 2.10. until > + > +Because of the user change, the sssd database, logs, and > +configuration files must have their ownership changed. > + > +== Systemd users == > +After upgrading sssd, stop the sssd service. Then execute the following > +commands: > + > +chown -R sssd:sssd /var/lib/sss > +chown -R sssd:sssd /var/log/sssd > + > +Then restart the sssd service and verify it launched succesfully. > + > +== openrc users === > + > +After upgrading sssd, stop the sssd service. Then execute the following > +commands: > + > +chown -R sssd:sssd /var/lib/sss > +chown -R sssd:sssd /var/log/sssd > +chown -R root:sssd /etc/sssd > + > +Then restart the sssd service and verify it launched succesfully. Seems good otherwise.
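Review bot: the "== Systemd users ==" section ends after the chown commands for /var/lib/sss and /var/log/sssd and never touches /etc/sssd, while the openrc section adds `chown -R root:sssd /etc/sssd` and the introduction says configuration files must have their ownership changed. Either add the /etc/sssd step to the systemd section or state why systemd installs do not need it, so both sets of instructions agree with the introduction. The commit message also lists /var/lib/sssd/, which no command in the news item covers, and it speaks of new permissions while the item only changes ownership; the message and the item should name the same paths and the same kind of change. Smaller points: the "== openrc users ===" header has an extra "=", and "capabiltites", "functionalilty" and "succesfully" (twice) are misspelled.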
