On 09/10/2014 07:11 PM, Nordgren, Bryce L -FS wrote:

I’m trying to determine whether this is a known feature, a dumb user problem with a known workaround, or a problem.
I don’t seem to be able to run a systemd service as a user provided by sssd? I joined my Fedora 19 analysis machine to my freeipa domain and configured sssd to allow logins from my AD. The simple access provider lets me in and disallows everyone else. Prior to this conversion, I had been running “ipython notebook” as me-the-local-user, as a systemd unit. All my files have been chowned so that my new domain login plays nice with them.
I can run “ipython notebook” (which is how the service is started) from the command line and it works.
The problem is, systemd is consistently failing with an exit code of 217/USER. I made a local user (‘ipython’), and systemd runs perfectly fine. Systemd seems to want its users to exist in /etc/passwd (getent passwd <me> succeeds).
Ordinarily, this is where I’d say “fine, ship it”. But my multi TB data files are on an NFS mount, and they’re owned by me-the-domain-user. The local ‘ipython’ account can’t manipulate them, and any new files it makes on the NFS mount will be owned by uidNumber 1000, which doesn’t belong to any domain user. Note that prior to this, I was manually coordinating UIDs in password files, which is why this worked: same UID as other systems, user in the password file, everything works out.
Is there any way to run a system service as an sssd-provided domain user? For the moment, I guess I’m disabling this systemd service and running the server by hand inside a screen session.
Do I get it right that you are not actually trying to run systemd itself as a user, but to start a service by systemd that will run as an SSSD user?
You might have a chicken-and-egg problem, because the user might not be available until SSSD is started and running. So I think the service you are trying to start should be dependent on SSSD, and you should make sure that SSSD is running.

Sorry if I misunderstood what you are trying to do.

Dmitri

Bryce






_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
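The ordering dependency Dmitri suggests, written out as a systemd unit, together with the NSS check that systemd effectively performs when it resolves User= (a failed lookup is what produces exit status 217/USER). This is an added example, not code from the thread or from the SSSD project; the unit name, the domain user name bryce@example.com, the WorkingDirectory and the ExecStart path are assumptions standing in for the original poster's setup.

```shell
#!/bin/sh
# Added example (not from the thread). Generates a systemd unit that runs as an
# SSSD-provided domain user and is ordered after sssd.service, so that the
# NSS lookup behind User= happens once the account is resolvable.
# Assumed names: unit "ipython-notebook", user "bryce@example.com",
# WorkingDirectory /srv/data, ExecStart /usr/bin/ipython.

# Emit the unit text for a given domain user and working directory.
unit_text() {
    user="$1"
    workdir="$2"
    cat <<EOF
[Unit]
Description=IPython notebook running as an SSSD domain user
# Order after, and pull in, sssd.service so the User= lookup can succeed.
After=network-online.target sssd.service
Wants=network-online.target sssd.service
# The NFS data (owned by the domain user) must be mounted before we start.
RequiresMountsFor=${workdir}

[Service]
User=${user}
WorkingDirectory=${workdir}
ExecStart=/usr/bin/ipython notebook
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
}

# Write the unit to a path, e.g. /etc/systemd/system/ipython-notebook.service
# (needs root; then: systemctl daemon-reload && systemctl enable --now <unit>).
write_unit() {
    unit_text "$1" "$2" > "$3"
}

# Pre-flight check mirroring what systemd does for User=: the account must
# resolve through NSS (nss_sss listed for "passwd" in /etc/nsswitch.conf and
# sssd running). Returns 0 if resolvable, 1 otherwise.
user_resolvable() {
    getent passwd "$1" >/dev/null 2>&1
}

# The numeric UID NSS returns for a user (empty if not resolvable); compare it
# with the owner of the NFS files before enabling the service.
user_uid() {
    getent passwd "$1" 2>/dev/null | cut -d: -f3
}
```

If `user_resolvable` fails on the command line, the unit will fail the same way regardless of the After= ordering: check that `sss` appears on the `passwd:` line of /etc/nsswitch.conf and that `systemctl status sssd` is active. Wants= is deliberately used rather than Requires= so that a restart of sssd does not take the notebook down with it; if the account must be resolvable before the unit is even considered, switch to Requires=sssd.service.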