On Wed, Mar 16, 2022 at 11:39 AM Brian J. Murrell <[email protected]> wrote:
> > Hi,
>
> Hi.
>
> > What OS are you running on your system?
>
> EL8.5
>

Did you tune any default SELinux policies?

>
> > What is the output of `cat /etc/nsswitch.conf | grep passwd` on your
> > system?
>
> passwd: sss files systemd
>

You might want to consider:
 - changing the order to: 'files sss ...'
and
 - setting `enable_files_domain = false` (see `man sssd.conf` for details)

>
> > Do you use SSSD on purpose?
>
> Yes. I use FreeIPA here.
>

Does `getent passwd $your_ipa_use` work for you?

>
> So it's not at all surprising to see these /var/lib/sss accesses. I
> just want to understand what they might be for and why nothing is
> (apparently) breaking due to the accesses being denied,

Most probably those are lookups (`getpwnam()`, etc.) of local users.
When SSSD fails to serve this lookup, it's being served by the next source in your nsswitch.conf (i.e. 'files')

> and if that's a
> condition that can continue to happen without there being some future
> fall-out. I.e. what is the result of those accesses being denied
> instead of being allowed?
>

If the client app can't connect to the sssd_nss responder socket, then any SSSD lookup should fail...
_______________________________________________
sssd-users mailing list -- [email protected]
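Added example, not part of the original message or of SSSD: a small Python model of how the `passwd:` source order in nsswitch.conf decides which source answers a lookup when the `sss` source cannot be reached. It assumes a denied connection to the sssd_nss socket surfaces as the NSS status `unavail`; the function names and the per-source outcomes are constructed for illustration.

```python
import re

# Default action per lookup status, as documented in nsswitch.conf(5).
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}

def parse_passwd_line(line):
    """Parse e.g. 'passwd: sss [NOTFOUND=return] files' into
    [(source, actions), ...]. A [...] group applies to the source before it.
    Negated criteria ('!STATUS=action') are not handled in this model."""
    db, _, spec = line.partition(":")
    if db.strip() != "passwd":
        raise ValueError("not a passwd line")
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", spec):
        if tok.startswith("["):
            if not chain:
                raise ValueError("action list before any source")
            for item in tok[1:-1].split():
                status, _, action = item.lower().partition("=")
                chain[-1][1][status] = action
        else:
            chain.append((tok, dict(DEFAULT_ACTIONS)))
    return chain

def resolve(chain, outcomes):
    """Walk the sources in order for one lookup. `outcomes` maps
    source -> status (constructed input; unlisted sources give 'notfound').
    Returns (answering source or None, [(source, status) tried])."""
    tried = []
    for source, actions in chain:
        status = outcomes.get(source, "notfound")
        tried.append((source, status))
        if actions.get(status, "continue") == "return":
            return (source if status == "success" else None), tried
    return None, tried

if __name__ == "__main__":
    # Constructed scenarios: the sss source is unreachable in all of them.
    local_user = {"sss": "unavail", "files": "success"}
    ipa_user = {"sss": "unavail"}  # only SSSD would know this user
    for line in ("passwd: sss files systemd", "passwd: files sss systemd"):
        chain = parse_passwd_line(line)
        print(line)
        print("  local user:", resolve(chain, local_user))
        print("  IPA user:  ", resolve(chain, ipa_user))
```

With the order from the thread, a local user is still answered by `files` after `sss` is tried and fails, while a user known only to SSSD resolves nowhere; with `files` first, the local lookup never touches `sss` at all.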
