On Tue, Dec 15, 2020 at 01:49:00PM +0100, Oliver Freyermuth wrote: > Am 15.12.20 um 10:14 schrieb Sumit Bose: > > On Sun, Dec 13, 2020 at 05:26:52PM -0000, Oliver Freyermuth wrote: > > > I'm sorry for reviving this old thread, but I have the very same issue. > > > > > > Debian Buster does not have KEYRING:PERSISTENT support enabled in the > > > kernel: > > > > > > cat /boot/config-4.19.0-13-amd64 | grep PERSISTENT_KEY > > > # CONFIG_PERSISTENT_KEYRINGS is not set > > > > > > I wonder if the directory creation problem is a consequence of the UID > > > mask of the sssd_be process, i.e. similar to: > > > https://github.com/SSSD/sssd/commit/14050f35224360883e20ebd810d3eb40f39267cf > > > > Hi, > > > > can you check if the following patch works for you? > > > > diff --git a/src/providers/krb5/krb5_child.c > > b/src/providers/krb5/krb5_child.c > > index cab7b27..058e84b 100644 > > --- a/src/providers/krb5/krb5_child.c > > +++ b/src/providers/krb5/krb5_child.c > > @@ -972,8 +972,13 @@ static krb5_error_code create_ccache(char *ccname, > > krb5_creds *creds) > > bool switch_to_cc = false; > > #endif > > - /* Set a restrictive umask, just in case we end up creating any file */ > > - umask(SSS_DFL_UMASK); > > + /* Set a restrictive umask, just in case we end up creating any file > > or a > > + * directory */ > > + if (strncmp(ccname, "DIR:", 4) == 0) { > > + umask(SSS_DFL_X_UMASK); > > + } else { > > + umask(SSS_DFL_UMASK); > > + } > > /* we create a new context here as the main process one may have been > > * opened as root and contain possibly references (even open handles?) > > > > > > Hi, > > thanks, that was fast! > Indeed, it does, I confirmed that by patching sssd 1.16.3 on Debian Buster > locally, and purging all "bad" directories, > now they are created with correct mode :-)
Hi, great, thanks for the feedback. > > > Please open a ticket at https://github.com/SSSD/sssd/issues/new for this > > issue. > > Done, here it is: > https://github.com/SSSD/sssd/issues/5436 Thanks. bye, Sumit > > Many thanks for the quick help, > Oliver > > > bye, > > Sumit > > > > > _______________________________________________ > > > sssd-users mailing list -- [email protected] > > > To unsubscribe send an email to [email protected] > > > Fedora Code of Conduct: > > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > > List Archives: > > > https://lists.fedorahosted.org/archives/list/[email protected] > > _______________________________________________ > > sssd-users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedorahosted.org/archives/list/[email protected] > > > _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
