nslcd.conf permission problem

Question

I have a fresh AlmaLinux 8.8 installation where I have installed the nss-pam-ldap package.

When I try to restart the nslcd service it fails:

# systemctl restart nslcd.service 
Job for nslcd.service failed because the control process exited with error code.
See "systemctl status nslcd.service" and "journalctl -xe" for details.

Amongst other things, journalctl -xe gives:

Unit nslcd.service has begun starting up.
Nov 11 13:09:24 nslcd[99425]: nslcd: cannot open config file (/etc/nslcd.conf): Permission denied
Nov 11 13:09:24 systemd[1]: nslcd.service: Control process exited, code=exited status=1
Nov 11 13:09:24 systemd[1]: nslcd.service: Failed with result 'exit-code'.

My nslcd.conf reads:

# The user and group nslcd should run as.
uid root
gid root
uri ldaps://some.stuff.de
base ou=dir,dc=some,dc=stuff,dc=de
SSL options
#ssl off
tls_reqcert demand
tls_cacertfile /etc/pki/tls/certs/ca-bundle.crt

Permissions:

# ls -l nslcd.conf 
-rw-r--r--. 1 root root 684 Nov 11 13:07 nslcd.conf

I manually changed the permission of /var/run/nslcd from nslcd:root to root:root. I am out ideas what may cause the the process to read the conf file.

It looks like your conf file has a SELinux security context set - see What does a dot after the file permission bits mean? — steeldriver, Nov 11 '23 at 12:35
Wow, thanks for noticing. I disabled selinux and removed the security context. — Simon T., Nov 11 '23 at 12:46
@SimonT. Um... Disabling SELinux is unlikely the correct solution. I'm not a Linux user, but I think it would be better to work with SELinux to correctly set the extended attributes on the file than to disable the protection system-wide. — Kusalananda, Nov 11 '23 at 13:00

nslcd.conf permission problem

SSL options

0 Answers0