sssd-nss.socket doesn't finish starting before nss-user-lookup.target #8224
Description
I'm running Arch Linux with sssd 2.11.1-2.
For years, I've been suffering from systemd-logind not starting linger users on bootup. I just noticed an error that I could investigate a bit. Here's the journal log for the relevant part:
Nov 21 16:47:08 myhost systemd[1]: Started System Security Services Daemon.
Nov 21 16:47:08 myhost systemd[1]: Reached target User and Group Name Lookups.
Nov 21 16:47:08 myhost systemd[1]: Starting SSSD NSS Service responder socket...
Nov 21 16:47:08 myhost systemd[1]: Starting User Login Management...
Nov 21 16:47:08 myhost systemd[1]: Starting Permit User Sessions...
Nov 21 16:47:08 myhost systemd[1]: Finished Permit User Sessions.
Nov 21 16:47:08 myhost systemd[1]: Started Getty on tty1.
Nov 21 16:47:08 myhost systemd[1]: Started Serial Getty on ttyS0.
Nov 21 16:47:08 myhost systemd[1]: Reached target Login Prompts.
Nov 21 16:47:08 myhost systemd-logind[455]: New seat seat0.
Nov 21 16:47:08 myhost systemd-logind[455]: Couldn't add lingering user myuser1, ignoring: No such process
Nov 21 16:47:08 myhost systemd-logind[455]: Couldn't add lingering user myuser2, ignoring: No such process
Nov 21 16:47:08 myhost systemd-logind[455]: User enumeration failed: No such process
Nov 21 16:47:08 myhost systemd-logind[455]: Watching system buttons on /dev/input/event0 (Power Button)
Nov 21 16:47:08 myhost systemd-logind[455]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Nov 21 16:47:08 myhost systemd[1]: Started User Login Management.
Nov 21 16:47:08 myhost systemd[1]: Reached target Multi-User System.
Nov 21 16:47:08 myhost systemd[1]: Reached target Graphical Interface.
Nov 21 16:47:08 myhost systemd[1]: Listening on SSSD NSS Service responder socket.
"No such process" is a bit misleading. It is ESRCH used as "no such user".
You can see that SSD NSS socket begins starting, but logind then runs, and after that SSD NSS socket finishes starting.
logind waits for nss-user-lookup.target:
$ systemctl cat systemd-logind | grep After
After=nss-user-lookup.target user.slice [email protected]
After=dbus.socket
And sssd runs before nss-user-lookup.target:
$ systemctl cat sssd | grep Before
Before=systemd-user-sessions.service nss-user-lookup.target
But sssd-nss.socket doesn't:
$ systemctl cat sssd-nss.socket | grep Before
Before=sssd-autofs.socket sssd-pac.socket sssd-pam.socket sssd-ssh.socket sssd-sudo.socket
Creating a drop-in fixed the issue.
$ cat /etc/systemd/system/sssd-nss.socket.d/nss-target.conf
[Unit]
Before=nss-user-lookup.target
You can see the difference in the new logs. The 2001 and 2002 are the UID for my users. sssd_nss now socket activates during systemd-logind startup.
Nov 21 17:35:49 myhost systemd[1]: Started System Security Services Daemon.
Nov 21 17:35:50 myhost systemd[1]: Starting SSSD NSS Service responder socket...
Nov 21 17:35:50 myhost systemd[1]: Listening on SSSD NSS Service responder socket.
Nov 21 17:35:50 myhost systemd[1]: Reached target User and Group Name Lookups.
Nov 21 17:35:50 myhost systemd[1]: Starting SSSD PAM Service responder socket...
Nov 21 17:35:50 myhost systemd[1]: Starting User Login Management...
Nov 21 17:35:50 myhost systemd[1]: Starting Permit User Sessions...
Nov 21 17:35:50 myhost systemd[1]: Started SSSD NSS Service responder.
Nov 21 17:35:50 myhost systemd[1]: Finished Permit User Sessions.
Nov 21 17:35:50 myhost systemd[1]: Started Getty on tty1.
Nov 21 17:35:50 myhost systemd[1]: Started Serial Getty on ttyS0.
Nov 21 17:35:50 myhost systemd[1]: Reached target Login Prompts.
Nov 21 17:35:50 myhost systemd-logind[451]: New seat seat0.
Nov 21 17:35:50 myhost systemd[1]: Listening on SSSD PAM Service responder socket.
Nov 21 17:35:50 myhost sssd_nss[457]: Starting up
Nov 21 17:35:50 myhost systemd-logind[451]: Watching system buttons on /dev/input/event0 (Power Button)
Nov 21 17:35:50 myhost systemd-logind[451]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Nov 21 17:35:50 myhost systemd[1]: Created slice User Slice of UID 2001.
Nov 21 17:35:50 myhost systemd[1]: Created slice User Slice of UID 2002.
Metadata
Metadata
Assignees
Labels
No labels