Christopher Byrne writes:
> Upgrading to sys-auth/sssd-2.12 from version <2.10.0 requires new
> permissions on the /var/lib/sss, /var/lib/sssd/ and /etc/sssd
> directories.
>
> Bug: https://bugs.gentoo.org/966684
> Signed-off-by: Christopher Byrne
> ---
> .../2026-01-15-sssd-2_12-keywording.en.txt| 33 +++
> 1 file changed, 33 insertions(+)
> create mode 100644
> 2026-01-15-sssd-2_12-keywording/2026-01-15-sssd-2_12-keywording.en.txt
>
> diff --git
> a/2026-01-15-sssd-2_12-keywording/2026-01-15-sssd-2_12-keywording.en.txt
> b/2026-01-15-sssd-2_12-keywording/2026-01-15-sssd-2_12-keywording.en.txt
> new file mode 100644
> index 000..1a4b6bd
> --- /dev/null
> +++ b/2026-01-15-sssd-2_12-keywording/2026-01-15-sssd-2_12-keywording.en.txt
> @@ -0,0 +1,33 @@
> +Title: sssd to run as a dedicated user
> +Author: Christopher Byrne
> +Posted: 2027-01-15
2026 :)
> +Revision: 1
> +News-Item-Format: 2.0
> +Display-If-Installed: +
> +sssd now runs as its own user, rather than root, and uses file
> +capabiltites for its helpers. Although it had this functionalilty for
> +a while, it wasn't completely usable unttil 2.10.
until
> +
> +Because of the user change, the sssd database, logs, and
> +configuration files must have their ownership changed.
> +
> +== Systemd users ==
> +After upgrading sssd, stop the sssd service. Then execute the following
> +commands:
> +
> +chown -R sssd:sssd /var/lib/sss
> +chown -R sssd:sssd /var/log/sssd
> +
> +Then restart the sssd service and verify it launched succesfully.
> +
> +== openrc users ===
> +
> +After upgrading sssd, stop the sssd service. Then execute the following
> +commands:
> +
> +chown -R sssd:sssd /var/lib/sss
> +chown -R sssd:sssd /var/log/sssd
> +chown -R root:sssd /etc/sssd
> +
> +Then restart the sssd service and verify it launched succesfully.
Seems good otherwise.
signature.asc
Description: PGP signature
