Am 15.12.20 um 10:14 schrieb Sumit Bose:
On Sun, Dec 13, 2020 at 05:26:52PM -0000, Oliver Freyermuth wrote:
I'm sorry for reviving this old thread, but I have the very same issue.
Debian Buster does not have KEYRING:PERSISTENT support enabled in the kernel:
cat /boot/config-4.19.0-13-amd64 | grep PERSISTENT_KEY
# CONFIG_PERSISTENT_KEYRINGS is not set
I wonder if the directory creation problem is a consequence of the UID mask of
the sssd_be process, i.e. similar to:
https://github.com/SSSD/sssd/commit/14050f35224360883e20ebd810d3eb40f39267cf
Hi,
can you check if the following patch works for you?
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index cab7b27..058e84b 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -972,8 +972,13 @@ static krb5_error_code create_ccache(char *ccname,
krb5_creds *creds)
bool switch_to_cc = false;
#endif
- /* Set a restrictive umask, just in case we end up creating any file */
- umask(SSS_DFL_UMASK);
+ /* Set a restrictive umask, just in case we end up creating any file or a
+ * directory */
+ if (strncmp(ccname, "DIR:", 4) == 0) {
+ umask(SSS_DFL_X_UMASK);
+ } else {
+ umask(SSS_DFL_UMASK);
+ }
/* we create a new context here as the main process one may have been
* opened as root and contain possibly references (even open handles?)
Hi,
thanks, that was fast!
Indeed, it does, I confirmed that by patching sssd 1.16.3 on Debian Buster locally, and
purging all "bad" directories,
now they are created with correct mode :-)
Please open a ticket at https://github.com/SSSD/sssd/issues/new for this issue.
Done, here it is:
https://github.com/SSSD/sssd/issues/5436
Many thanks for the quick help,
Oliver
bye,
Sumit
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
