> > What is the output of `cat /etc/nsswitch.conf | grep passwd` on your
> > system?
>
> passwd: sss files systemd

You might want to consider:
- changing the order to: 'files sss ...'
and
- setting `enable_files_domain = false` (see `man sssd.conf` for details)

> > Do you use SSSD on purpose?
>
> Yes. I use FreeIPA here.

Does `getent passwd $your_ipa_use` work for you?

> So it's not at all surprising to see these /var/lib/sss accesses. I
> just want to understand what they might be for and why nothing is
> (apparently) breaking due to the accesses being denied,

Most probably those are lookups (`getpwnam()`, etc.) of local users.
When SSSD fails to serve this lookup, it's served by the next source in your nsswitch.conf (i.e. 'files').

> and if that's a
> condition that can continue to happen without there being some future
> fall-out. I.e. what is the result of those accesses being denied
> instead of being allowed?

If the client app can't connect to the sssd_nss responder socket, then any SSSD lookup should fail...
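
The fallback described in the reply above, as an added example that is not part of the original thread: a simplified Python model of how glibc walks the `passwd:` line of nsswitch.conf, using the glibc default actions (stop on success, continue otherwise). The function names and the per-source statuses passed in are constructed for illustration; a denied connection to the SSSD socket is assumed to surface as `unavail`.

```python
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
# glibc defaults: stop on success, otherwise try the next source.
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}

def parse_db_line(line):
    """Parse 'passwd: sss [NOTFOUND=return] files' into [(source, actions), ...]."""
    _db, _, spec = line.partition(":")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", spec.split("#")[0]):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULT_ACTIONS)))
            continue
        if not chain:
            raise ValueError("action list before any source")
        for item in token[1:-1].split():
            status, _, action = item.lower().partition("=")
            negate = status.startswith("!")
            status = status.lstrip("!")
            for s in STATUSES:
                if (s == status) != negate:   # '!X' applies to every status but X
                    chain[-1][1][s] = action
    return chain

def lookup(chain, results):
    """Walk the chain; results maps source -> status (constructed input).
    Returns (answering source or None, list of (source, status) tried)."""
    trace = []
    for source, actions in chain:
        status = results.get(source, "unavail")
        trace.append((source, status))
        if actions[status] == "return":
            return (source if status == "success" else None), trace
    return None, trace

if __name__ == "__main__":
    denied = {"sss": "unavail", "files": "success"}  # local user, sss socket denied
    for line in ("passwd: sss files systemd",            # order from the thread
                 "passwd: files sss systemd",            # suggested order
                 "passwd: sss [UNAVAIL=return] files"):  # fallback disabled
        print(line, "->", lookup(parse_db_line(line), denied))
```

With `files` first, a local user is answered before the `sss` module is ever contacted, so the denied socket access does not occur for that lookup.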