I’m trying to determine whether this is a known feature, a dumb user problem with a known workaround, or a problem.

I don’t seem to be able to run a systemd service as a user provided by sssd? I joined my Fedora 19 analysis machine to my freeipa domain and configured sssd to allow logins from my AD. The simple access provider lets me in and disallows everyone else. Prior to this conversion, I had been running “ipython notebook” as me-the-local-user, as a systemd unit. All my files have been chowned so that my new domain login plays nice with them.

I can run “ipython notebook” (which is how the service is started) from the command line and it works.

The problem is, systemd is consistently failing with an exit code of 217/USER. I made a local user (‘ipython’), and systemd runs perfectly fine. Systemd seems to want its users to exist in /etc/passwd. (getent passwd <me> succeeds.)

Ordinarily, this is where I’d say “fine, ship it”. But my multi TB data files are on an NFS mount, and they’re owned by me-the-domain-user. The local ‘ipython’ account can’t manipulate them, and any new files it makes on the NFS mount will be owned by uidNumber 1000, which doesn’t belong to any domain user. Note that prior to this, I was manually coordinating UIDs in password files, which is why this worked: same UID as other systems, user in the password file, everything works out.

Is there any way to run a system service as an sssd-provided domain user? For the moment, I guess I’m disabling this systemd service and running the server by hand inside a screen session.

Bryce




