https://bugzilla.redhat.com/show_bug.cgi?id=1853261
--- Comment #1 from Lukas Slebodnik lslebodn@redhat.com ---
(In reply to Zbigniew Jędrzejewski-Szmek from comment #0)
> We see multiple issues here:
> - the main one is that sssd should not fail to start as described above

I would say you should use root to recover from a file system issue, and the root user is not handled by sssd.

> - but also, why is sssd not just logging to the journal? Why is it spamming
> with broadcast messages?

By default it tries to log to files in /var/log/sssd. Obviously it failed due to the read-only file system. That's the reason for the broadcast message.

> If sssd would just log to the journal like any modern service, all those problems would be avoided.

sssd can log to journald; you just need to explicitly configure it.

sh$ systemctl cat sssd | head
# /usr/lib/systemd/system/sssd.service
[Unit]
Description=System Security Services Daemon
# SSSD must be running before we permit user sessions
Before=systemd-user-sessions.service nss-user-lookup.target
Wants=nss-user-lookup.target

[Service]
Environment=DEBUG_LOGGER=--logger=files
EnvironmentFile=-/etc/sysconfig/sssd

Just set DEBUG_LOGGER in /etc/sysconfig/sssd (details in `man sssd`).
But I doubt it will help if the system is read-only. sssd will still try to open rw files in /var/lib/sss/