Am 26.08.20 um 16:01 schrieb Ulrich Windl: >>>> Lennart Poettering <lennart@xxxxxxxxxxxxxx> schrieb am 26.08.2020 um 15:40 > in > Nachricht <20200826134031.GA257903@gardel-login>: >> On Mi, 26.08.20 08:37, Ulrich Windl (Ulrich.Windl@xxxxxx‑regensburg.de) > wrote: >> >>> Hi! >>> >>> I see this problem in SLES12 (systemd‑228‑157.12.5.x86_64): On boot systemd > >> tries to use LDAP to resolve user names, resulting in an error like this: >>> systemd‑tmpfiles: nss‑ldap: do_open: do_start_tls failed:stat=‑1 >> >> Files and directories managed by systemd‑tmpfiles have to be owned by >> *system* users and groups. If you declare files/dirs that are owned by >> non‑system users, then you are on your own, and things will fall apart. >> >> A system user must be resolvable during the entire runtime of the >> system, i.e. managed in /etc/passwd and /etc/group, not in LDAP. >> >> This is extensively documented in tmpfiles.d(5) or here: >> >> https://systemd.io/UIDS‑GIDS/#notes‑on‑resolvability‑of‑user‑and‑group‑names > >> >> Hence, if this happens your setup is borked in some way: some entries >> in tmpfiles.d/ drop‑ins are owned by users/groups managed by LDAP. Fix >> that, and everything should be fine. > > It's all transitional in some way. In the past a system user was a user with a > UID below the UIDs given to interactive users. Directories existed right from > the beginning of the boot, and the user had to be known when a corresponding > process had to be started. Not earlier. Systemd redefined the world, so don't > point at the world if things are broken now... did you skip the follow-up paragraph by intention to repeat "Systemd redefined the world, so don't point at the world"? just create directories when the process has to be startet eiter by ExecStartPre or RuntimeDirectory/StateDirectory and you are done And besides that, we actually push people towards using RuntimeDirectory=, StateDirectory=, … and stuff so that these dirs are created when the service is started and not earlier, for services where that works. _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: Antw: [EXT] Re: tmpfiles chicken-egg problem
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Antw: [EXT] Re: tmpfiles chicken-egg problem
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Date: Thu, 27 Aug 2020 10:19:57 +0200
- In-reply-to: <5F466B43020000A10003AE60@gwsmtp.uni-regensburg.de>
- Organization: the lounge interactive design
- References: <5F460343020000A10003AE57@gwsmtp.uni-regensburg.de> <20200826134031.GA257903@gardel-login> <5F466B43020000A10003AE60@gwsmtp.uni-regensburg.de>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0
- References:
- tmpfiles chicken-egg problem
- From: Ulrich Windl
- Re: tmpfiles chicken-egg problem
- From: Lennart Poettering
- Antw: [EXT] Re: tmpfiles chicken-egg problem
- From: Ulrich Windl
- tmpfiles chicken-egg problem
- Prev by Date: Antw: [EXT] Re: tmpfiles chicken-egg problem
- Next by Date: A sh -c '${name} and $name' are treated inconsistently within a .service unit
- Previous by thread: Re: Antw: [EXT] Re: tmpfiles chicken-egg problem
- Next by thread: A sh -c '${name} and $name' are treated inconsistently within a .service unit
- Index(es):
 |