Hello Mike,
On Thu, Mar 04, 2021 at 09:11:56PM +0000, hereiam@mit.edu wrote:
That seems to have done the trick!
Anyone know if this could cause any unexpected side effects?
I don't know, but in general, fixing such thing by changing the code tends to incur higher risks than if you manage to do it through the user interface.
I have some additional information that might help to pin down the cause: I have seen the problem you describe for some time, but on only one of a bunch of identical nodes. At first, I thought this was a fluke, so I tried rebooting, but the problem persisted. I changed the permissions locally on the node, but after a reboot, the problem was back. I couldn;t think of any differences between that node and its siblings, so I just let it be.
After reading your post today, I looked at this again: Our nodes aren't diskless, they use the default "ZFS" config for local scratch and /var. So there must be some other difference. Finally, I've found it: the problem node had a Nameservice Config attached individually. After removing it, the problem is gone.
Of course, this doesn't answer the question why the Nameservice Config clobbers sssd.conf's permissions...
A.