On Sun, Dec 13, 2020 at 05:26:52PM -0000, Oliver Freyermuth wrote:
I'm sorry for reviving this old thread, but I have the very same issue.
Debian Buster does not have KEYRING:PERSISTENT support enabled in the kernel:
cat /boot/config-4.19.0-13-amd64 | grep PERSISTENT_KEY
# CONFIG_PERSISTENT_KEYRINGS is not set
I wonder if the directory creation problem is a consequence of the UID mask of the sssd_be process, i.e. similar to: https://github.com/SSSD/sssd/commit/14050f35224360883e20ebd810d3eb40f39267cf
Hi,
can you check if the following patch works for you?
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index cab7b27..058e84b 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -972,8 +972,13 @@ static krb5_error_code create_ccache(char *ccname, krb5_creds *creds) bool switch_to_cc = false; #endif
- /* Set a restrictive umask, just in case we end up creating any file */ - umask(SSS_DFL_UMASK); + /* Set a restrictive umask, just in case we end up creating any file or a + * directory */ + if (strncmp(ccname, "DIR:", 4) == 0) { + umask(SSS_DFL_X_UMASK); + } else { + umask(SSS_DFL_UMASK); + }
/* we create a new context here as the main process one may have been * opened as root and contain possibly references (even open handles?)
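Review bot: in the new `if (strncmp(ccname, "DIR:", 4) == 0)` branch, the comment only says a file or a directory may be created and does not say why the DIR: case needs SSS_DFL_X_UMASK instead of SSS_DFL_UMASK; please state the reason there (presumably the directory needs its search bit, which is an inference from the macro name, since neither value is visible in this hunk). Because umask() is process-wide and nothing in the visible lines restores it, the mask picked in this branch also governs any file created later in this process under the DIR: collection, so it is worth confirming the resulting modes of both the directory and the cache files inside it. ccname is also passed to strncmp() as the first statement shown; if it can be NULL at this point, check it before the comparison.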
Please open a ticket at https://github.com/SSSD/sssd/issues/new for this issue.
bye, Sumit
sssd-users mailing list -- sssd-users@lists.fedorahosted.org