Antw: [EXT] Re: tmpfiles chicken-egg problem

["Ulrich Windl" <Ulrich.Windl@xxxxxxxxxxxxxxxxxxxx>]

>>> Lennart Poettering <lennart@xxxxxxxxxxxxxx> schrieb am 26.08.2020 um 15:40
in
Nachricht <20200826134031.GA257903@gardel-login>:
> On Mi, 26.08.20 08:37, Ulrich Windl (Ulrich.Windl@xxxxxx‑regensburg.de)
wrote:
> 
>> Hi!
>>
>> I see this problem in SLES12 (systemd‑228‑157.12.5.x86_64): On boot systemd

> tries to use LDAP to resolve user names, resulting in an error like this:
>> systemd‑tmpfiles: nss‑ldap: do_open: do_start_tls failed:stat=‑1
> 
> Files and directories managed by systemd‑tmpfiles have to be owned by
> *system* users and groups. If you declare files/dirs that are owned by
> non‑system users, then you are on your own, and things will fall apart.
> 
> A system user must be resolvable during the entire runtime of the
> system, i.e. managed in /etc/passwd and /etc/group, not in LDAP.
> 
> This is extensively documented in tmpfiles.d(5) or here:
> 
> https://systemd.io/UIDS‑GIDS/#notes‑on‑resolvability‑of‑user‑and‑group‑names

> 
> Hence, if this happens your setup is borked in some way: some entries
> in tmpfiles.d/ drop‑ins are owned by users/groups managed by LDAP. Fix
> that, and everything should be fine.

It's all transitional in some way. In the past a system user was a user with a
UID below the UIDs given to interactive users. Directories existed right from
the beginning of the boot, and the user had to be known when a corresponding
process had to be started. Not earlier. Systemd redefined the world, so don't
point at the world if things are broken now...

I know that it's not all perfect, and I'm working on it... wondering: if I'd
un-tar the temporary directorires on boot, the UDIs would be stored correctly
in the tar... That would add compatibility to pre-systemd times...

[...]

Regards,
Ulrich

_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel