systemd sssd.service does not read /etc/default/sssd

Bug #1587395 reported by Mikko Pesari on 2016-05-31
This bug affects 3 people
Affects Status Importance Assigned to Milestone
sssd (Ubuntu)

Bug Description

In Xenial, the file /etc/default/sssd included in package sssd-common sets the DAEMON_OPTS variable to be used as command line parameters to the sssd binary. This is used by the upstart sssd service.

However, the systemd sssd service does not read this file. It tries to read /etc/sysconfig/sssd in the EnvironmentFile directive. The fix is simple:

1. Modify debian/rules to configure the package with "--with-environment-file=/etc/default/sssd" (default is /etc/sysconfig/sssd). This will propagate to the produced sssd.service file.

2. Modify the sssd.service template to use the variable by changing the line:

     ExecStart=/usr/sbin/sssd -D -f


     ExecStart=/usr/sbin/sssd $DAEMON_OPTS

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in sssd (Ubuntu):
status: New → Confirmed
Robie Basak (racb) on 2016-06-01
Changed in sssd (Ubuntu):
importance: Undecided → Medium
Timo Aaltonen (tjaalton) wrote :

I'm not sure if that would be the way to fix it.. with systemd there could/should be a /etc/systemd/system/sssd.service.d/foo.conf that would have a template for editing.

Mikko Pesari (mpesari) wrote :

Sure, the /etc/systemd/system dir is for local modifications. But there is inconsistency between upstart and systemd services in the sssd package. Will trusty->xenial upgrade switch from upstart to systemd? Then any local modifications to the /etc/default/sssd file will be ignored. Why not use /etc/default to configure both systems?

FWIW, nfs-common configures its systemd services this way (with help from nfs-config.service).

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sssd - 1.15.0-3ubuntu1

sssd (1.15.0-3ubuntu1) zesty; urgency=medium

  * Build without the secrets service as libhttp-parser2.1 is in universe. An
    MIR is pending in LP 1638957; when this is complete, we can revert this.
    - Configure with --without-secrets.
    - Drop build depends on libhttp-parser-dev and libjansson-dev. These are
      only needed for the "secrets service".
    - Remove secrets service -related files from d/sssd-common.install and in

 -- Robie Basak <email address hidden> Tue, 07 Feb 2017 19:37:45 +0000

Changed in sssd (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers