Comment 5 for bug 1885948
Revision history for this message
| Zahid Bukhari (cimmerian) wrote Re: systemd 229 (16.04) and 237 (18.04) error with "Failed to get properties: Access denied" when ran as non-root user | #5 |
We have ldap.conf set to mode 440 as there is a sensitive password used in our config to bind to LDAP. This works for everything else that needs it even at the user level via normal system calls.
However from what I can tell, dbus seems to need to be able to read the file from an strace my co-workers ran. In all my tests I didn't see it go to strace, and this was prior to specifying the network, however in their test run, they say an access denied for /etc/ldap.conf.
Just now I ran a test where I chmod'd it to be 444, and then ran systemctl as a normal user, it worked.
My co-workers ran an strace against the dbus process and saw it was trying to read /etc/ldap.conf. I'm not sure why it would need that versus just using syscalls.
Anyway, it worked. So then I changed it back, changed into a different user, it still worked. Then I tried to invalidate nscd cache, it still worked.
So I feel depending on what starts and or restarts where, it's a draw as to whether or not it'll work.
I'm checking to see if dbus caches LDAP creds but also going to try and separate ldap.conf creds to another file.
Thank you!