[systemd-devel] Antw: [EXT] Re: tmpfiles chicken-egg problem

Ulrich Windl Ulrich.Windl at rz.uni-regensburg.de
Wed Aug 26 14:01:39 UTC 2020


>>> Lennart Poettering <lennart at poettering.net> wrote on 26.08.2020 at 15:40 in message <20200826134031.GA257903 at gardel-login>:
> On Wed, 26.08.20 08:37, Ulrich Windl (Ulrich.Windl at rz.uni-regensburg.de) wrote:
> 
>> Hi!
>>
>> I see this problem in SLES12 (systemd-228-157.12.5.x86_64): On boot systemd
>> tries to use LDAP to resolve user names, resulting in an error like this:
>> systemd-tmpfiles: nss-ldap: do_open: do_start_tls failed:stat=-1
> 
> Files and directories managed by systemd-tmpfiles have to be owned by
> *system* users and groups. If you declare files/dirs that are owned by
> non-system users, then you are on your own, and things will fall apart.
> 
> A system user must be resolvable during the entire runtime of the
> system, i.e. managed in /etc/passwd and /etc/group, not in LDAP.
> 
> This is extensively documented in tmpfiles.d(5) or here:
> 
> https://systemd.io/UIDS-GIDS/#notes-on-resolvability-of-user-and-group-names
> 
> Hence, if this happens your setup is borked in some way: some entries
> in tmpfiles.d/ drop-ins are owned by users/groups managed by LDAP. Fix
> that, and everything should be fine.

It's all transitional in some way. In the past a system user was a user with a
UID below the UIDs given to interactive users. Directories existed right from
the beginning of the boot, and the user had to be known when a corresponding
process had to be started. Not earlier. Systemd redefined the world, so don't
point at the world if things are broken now...

I know that it's not all perfect, and I'm working on it... wondering: if I'd
un-tar the temporary directories on boot, the UIDs would be stored correctly
in the tar... That would add compatibility to pre-systemd times...

[...]

Regards,
Ulrich
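
An added example, not part of the original thread: a Python check for the situation described in the quoted reply, listing tmpfiles.d entries whose user or group name is not defined in local passwd/group data. The function names and all sample data are constructed for illustration; lines are split on whitespace, so quoted paths containing spaces are not handled.

```python
# Constructed sample inputs (not taken from any real system).
PASSWD = "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/:/sbin/nologin\n"
GROUP = "root:x:0:\ndaemon:x:1:\n"
TMPFILES = """\
# constructed sample drop-in
d /run/myapp 0750 root root -
d /var/lib/myapp 0750 appsvc appgrp 10d
d /run/other 0755 1001 - -
f /run/flag 0644 daemon daemon -
"""

def local_names(text):
    """Return the names defined in passwd(5)- or group(5)-formatted text."""
    names = set()
    for line in text.splitlines():
        # Skip comments and NIS-style compat entries ("+..." / "-...").
        if not line or line.startswith(("#", "+", "-")):
            continue
        names.add(line.split(":", 1)[0])
    return names

def unresolvable_owners(tmpfiles_text, passwd_text, group_text):
    """List (line number, path, kind, name) for owners missing from local files."""
    users, groups = local_names(passwd_text), local_names(group_text)
    findings = []
    for lineno, line in enumerate(tmpfiles_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # tmpfiles.d(5) columns: Type Path Mode User Group Age Argument
        fields = line.split(None, 6)
        for kind, idx, known in (("user", 3, users), ("group", 4, groups)):
            if idx >= len(fields):
                continue
            # A leading ":" only changes when ownership is applied.
            name = fields[idx].lstrip(":")
            # "-" means default; numeric IDs need no name lookup.
            if name in ("", "-") or name.isdigit() or name in known:
                continue
            findings.append((lineno, fields[1], kind, name))
    return findings

if __name__ == "__main__":
    for finding in unresolvable_owners(TMPFILES, PASSWD, GROUP):
        print("line %d: %s: %s %r not in local files" % finding)
```

On a real host the three arguments would be the contents of a drop-in under tmpfiles.d/ and of /etc/passwd and /etc/group.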


