[systemd-devel] Antw: [EXT] Re: tmpfiles chicken-egg problem
Reindl Harald
h.reindl at thelounge.net
Thu Aug 27 08:19:57 UTC 2020
Am 26.08.20 um 16:01 schrieb Ulrich Windl:
>>>> Lennart Poettering <lennart at poettering.net> schrieb am 26.08.2020 um 15:40
> in
> Nachricht <20200826134031.GA257903 at gardel-login>:
>> On Mi, 26.08.20 08:37, Ulrich Windl (Ulrich.Windl at rz.uni‑regensburg.de)
> wrote:
>>
>>> Hi!
>>>
>>> I see this problem in SLES12 (systemd‑228‑157.12.5.x86_64): On boot systemd
>
>> tries to use LDAP to resolve user names, resulting in an error like this:
>>> systemd‑tmpfiles: nss‑ldap: do_open: do_start_tls failed:stat=‑1
>>
>> Files and directories managed by systemd‑tmpfiles have to be owned by
>> *system* users and groups. If you declare files/dirs that are owned by
>> non‑system users, then you are on your own, and things will fall apart.
>>
>> A system user must be resolvable during the entire runtime of the
>> system, i.e. managed in /etc/passwd and /etc/group, not in LDAP.
>>
>> This is extensively documented in tmpfiles.d(5) or here:
>>
>> https://systemd.io/UIDS‑GIDS/#notes‑on‑resolvability‑of‑user‑and‑group‑names
>
>>
>> Hence, if this happens your setup is borked in some way: some entries
>> in tmpfiles.d/ drop‑ins are owned by users/groups managed by LDAP. Fix
>> that, and everything should be fine.
>
> It's all transitional in some way. In the past a system user was a user with a
> UID below the UIDs given to interactive users. Directories existed right from
> the beginning of the boot, and the user had to be known when a corresponding
> process had to be started. Not earlier. Systemd redefined the world, so don't
> point at the world if things are broken now...
did you skip the follow-up paragraph by intention to repeat "Systemd
redefined the world, so don't point at the world"?
just create directories when the process has to be startet eiter by
ExecStartPre or RuntimeDirectory/StateDirectory and you are done
And besides that, we actually push people towards using
RuntimeDirectory=, StateDirectory=, … and stuff so that these dirs are
created when the service is started and not earlier, for services where
that works.
More information about the systemd-devel
mailing list