I'm trying to determine whether this is a known feature, a dumb user problem with a
known workaround, or a problem.
I don't seem to be able to run a systemd service as a user provided by sssd? I joined
my Fedora 19 analysis machine to my freeipa domain and configured sssd to allow logins
from my AD. The simple access provider lets me in and disallows everyone else. Prior to
this conversion, I had been running "ipython notebook" as me-the-local-user, as
a systemd unit. All my files have been chowned so that my new domain login plays nice with
them.
I can run "ipython notebook" (which is how the service is started) from the
command line and it works.
The problem is, systemd is consistently failing with an exit code of 217/USER. I made a
local user ('ipython'), and systemd runs perfectly fine. Systemd seems to want
its users to exist in /etc/passwd. (getent passwd <me> succeeds).
Ordinarily, this is where I'd say "fine, ship it". But my multi-TB data
files are on an NFS mount, and they're owned by me-the-domain-user. The local
'ipython' account can't manipulate them, and any new files it makes on the NFS
mount will be owned by uidNumber 1000, which doesn't belong to any domain user. Note
that prior to this, I was manually coordinating UIDs in password files, which is why this
worked: same UID as other systems, user in the password file, everything works out.
Is there any way to run a system service as an sssd-provided domain user? For the moment,
I guess I'm disabling this systemd service and running the server by hand inside a
screen session.
Bryce