View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000629 | AlmaLinux-10 | General | public | 2026-05-29 12:36 | 2026-05-29 12:36 |
| Reporter | lugivu | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | new | Resolution | open | ||
| Summary | 0000629: SSSD install/setup issue due to insufficient permissions and ownership | ||||

Description

Hello, we're having trouble connecting AlmaLinux 10.2 to an Active Directory using SSSD. Previously we were able to set it up just fine using AlmaLinux 10.1. The following text describes the issues and how to solve them. However, it would be better if the issues were fixed at the source.

Firstly, sssd doesn't own the paths /var/lib/sss and /var/log/sssd.

```
# systemctl status sssd
× sssd.service - System Security Services Daemon
     Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Fri 2026-05-29 11:10:06 UTC; 7min ago
 Invocation: cddf4fea77444dab88d80a37de5875f2
    Process: 4346 ExecStartPre=/bin/chown -f -R -H root:sssd /etc/sssd (code=exited, status=0/SUCCESS)
    Process: 4348 ExecStartPre=/bin/chmod -f -R g+r /etc/sssd (code=exited, status=0/SUCCESS)
    Process: 4350 ExecStartPre=/bin/chmod -f g+x /etc/sssd (code=exited, status=0/SUCCESS)
    Process: 4352 ExecStartPre=/bin/chmod -f g+x /etc/sssd/conf.d (code=exited, status=0/SUCCESS)
    Process: 4354 ExecStartPre=/bin/chmod -f g+x /etc/sssd/pki (code=exited, status=0/SUCCESS)
    Process: 4356 ExecStartPre=/bin/sh -c /bin/chown -f -h sssd:sssd /var/lib/sss/db/*.ldb (code=exited, status=1/FAILURE)
    Process: 4358 ExecStartPre=/bin/chown -f -R -h sssd:sssd /var/lib/sss/gpo_cache (code=exited, status=0/SUCCESS)
    Process: 4360 ExecStartPre=/bin/sh -c /bin/chown -f -h sssd:sssd /var/log/sssd/*.log* (code=exited, status=1/FAILURE)
    Process: 4362 ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER} (code=exited, status=8)
   Main PID: 4362 (code=exited, status=8)
   Mem peak: 2.3M
        CPU: 49ms

May 29 11:10:06 redacted sssd[4362]: Could not open file [/var/log/sssd/sssd.log]. Error: [13][Permission denied]
May 29 11:10:06 redacted sssd[4362]: Error opening log file, falling back to stderr
May 29 11:10:06 redacted sssd[4362]: [sssd] [main] (0x3f7c0): Started under uid=997 (euid=997) : gid=997 (egid=997) with SECBIT_KEEP_CAPS = 0 and following capabilities:
May 29 11:10:06 redacted sssd[4362]: (nothing)
May 29 11:10:06 redacted sssd[4362]: [sssd] [sss_ini_call_validators] (0x0020): [rule/allowed_sssd_options]: Attribute 'config_file_version' is not allowed in section 'sssd'. Check for typos.
May 29 11:10:06 redacted sssd[4362]: [sssd] [confdb_write_ini] (0x0010): Can't delete old '/var/lib/sss/db/config.ldb'
May 29 11:10:06 redacted sssd[4362]: [sssd] [main] (0x0010): Failed to write config DB: 'Permission denied'
May 29 11:10:06 redacted systemd[1]: sssd.service: Main process exited, code=exited, status=8/n/a
May 29 11:10:06 redacted systemd[1]: sssd.service: Failed with result 'exit-code'.
May 29 11:10:06 redacted systemd[1]: Failed to start sssd.service - System Security Services Daemon.
```

```
# ls -la /var/log/sssd
total 4
drwxrwx---. 2 root root    6 Apr 14 00:00 .
drwxr-xr-x. 9 root root 4096 May 29 11:09 ..

# ls -la /var/lib/sss
total 4
drwxrwxr-x. 10 root root  120 May 29 11:09 .
drwxr-xr-x. 27 root root 4096 May 29 11:09 ..
drwxrwx---.  2 root root    6 Apr 14 00:00 db
drwxrwx--x.  2 root root    6 Apr 14 00:00 deskprofile
drwxrwx---.  2 sssd sssd    6 Apr 14 00:00 gpo_cache
drwxrwx---.  2 sssd sssd    6 Apr 14 00:00 keytabs
drwxrwxr-x.  2 root root    6 Apr 14 00:00 mc
drwxrwxr-x.  3 root root   21 May 26 13:48 pipes
drwxrwxr-x.  3 root root   28 May 26 13:48 pubconf
drwxrwx---.  2 root root    6 Apr 14 00:00 secrets
```

The second issue is that the current file permissions on the executables required for running sssd are insufficient.

```
# ls -la /usr/libexec/sssd/
total 2200
drwxr-xr-x.  2 root root   4096 May 29 11:09 .
drwxr-xr-x. 30 root root   4096 May 29 11:09 ..
-rwxr-xr-x.  1 root root  40608 Apr 14 00:00 gpo_child
-rwxr-x---.  1 root root 140016 Apr 14 00:00 krb5_child
-rwxr-x---.  1 root root  53112 Apr 14 00:00 ldap_child
-rwxr-xr-x.  1 root root  73384 Apr 14 00:00 p11_child
-rwxr-x---.  1 root sssd  32368 Apr 14 00:00 proxy_child
-rwxr-x---.  1 root sssd  32416 Apr 14 00:00 selinux_child
-rwxr-xr-x.  1 root root 186968 Apr 14 00:00 sssd_autofs
-rwxr-xr-x.  1 root root 261800 Apr 14 00:00 sssd_be
-rwxr-xr-x.  1 root root  15840 Apr 14 00:00 sssd_check_socket_activated_responders
-rwxr-xr-x.  1 root root 215640 Apr 14 00:00 sssd_kcm
-rwxr-xr-x.  1 root root 266888 Apr 14 00:00 sssd_nss
-rwxr-xr-x.  1 root root 195056 Apr 14 00:00 sssd_pac
-rwxr-x---.  1 root root 306768 Apr 14 00:00 sssd_pam
-rwxr-xr-x.  1 root root 195176 Apr 14 00:00 sssd_ssh
-rwxr-xr-x.  1 root root 195224 Apr 14 00:00 sssd_sudo
-rwxr-xr-x.  1 root root  15800 Apr 14 00:00 sss_signal
```

This issue can be resolved by running the three commands below and then restarting the SSSD service.

```
chown -R sssd:sssd /var/lib/sss
chown sssd:sssd /var/log/sssd
chmod o+rx /usr/libexec/sssd/*
```

Steps To Reproduce

AlmaLinux 10.2

Kernel: Linux 6.12.0-211.7.3.el10_2.x86_64

SSSD: 2.12.0

```
dnf -y update realmd sssd
```

Then set up your Active Directory domain and join it using realmd. This updates /etc/sssd/sssd.conf and triggers sssd.service to start.

Tags

No tags attached.

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2026-05-29 12:36 | lugivu | New Issue |