SSSD fails to start with error – File ownership and permissions check failed

There may be a file permission issue if you get the following error messages after starting SSSD.

# systemctl restart sssd
Job for sssd.service failed because the control process exited with error code.
See "systemctl status sssd.service" and "journalctl -xe" for details.

The error message in /var/log/messages is shown below.

sssd[sssd][22160]: SSSD couldn't load the configuration database [1432158317]: Unknown error 1432158317.
systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
systemd[1]: sssd.service: Failed with result 'exit-code'.
systemd[1]: sssd.service: Service RestartSec=100ms expired, scheduling restart.
systemd[1]: sssd.service: Scheduled restart job, restart counter is at 5.
systemd[1]: sssd.service: Start request repeated too quickly.
systemd[1]: sssd.service: Failed with result 'exit-code'.

After setting debug_level = 9 in sssd.conf, the following error is logged in /var/log/sssd/sssd.log:

[sssd] [sss_ini_read_sssd_conf] (0x0020): Permission check on config file failed.
[sssd] [confdb_init_db] (0x0020): Cannot convert INI to LDIF [1432158317]: [File ownership and permissions check failed]
[sssd] [confdb_setup] (0x0010): ConfDB initialization has failed [1432158317]: File ownership and permissions check failed
[sssd] [load_configuration] (0x0010): Unable to setup ConfDB [1432158317]: File ownership and permissions check failed
[sssd] [main] (0x0010): SSSD couldn't load the configuration database.

Make sure the SSSD config file at /etc/sssd/sssd.conf is owned by root and has permission 600.

chown root:root /etc/sssd/sssd.conf
chmod 600 /etc/sssd/sssd.conf

Note: The config file /etc/sssd/sssd.conf must be owned by root:root and have permission 600.
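
The ownership and mode requirement above can be checked before restarting the service. The script below is an added example, not part of SSSD or the original post; the function name check_sssd_conf and its optional arguments are hypothetical, and it assumes GNU coreutils stat.

```shell
#!/bin/sh
# Added example; check_sssd_conf is a hypothetical helper name, not part of SSSD.
# Usage: check_sssd_conf [path] [uid] [gid] [mode]
# Defaults follow the page: /etc/sssd/sssd.conf, root:root (0:0), mode 600.
# Returns 0 if all checks pass, 1 on an ownership/mode mismatch, 2 if the
# file is missing or cannot be inspected.
check_sssd_conf() {
    conf=${1:-/etc/sssd/sssd.conf}
    want_uid=${2:-0}
    want_gid=${3:-0}
    want_mode=${4:-600}
    rc=0

    if [ ! -f "$conf" ]; then
        echo "FAIL: $conf is missing or not a regular file" >&2
        return 2
    fi

    # GNU coreutils stat: numeric owner, numeric group, octal permission bits.
    uid=$(stat -c %u "$conf") || return 2
    gid=$(stat -c %g "$conf") || return 2
    mode=$(stat -c %a "$conf") || return 2

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $conf owner uid is $uid, expected $want_uid" >&2
        rc=1
    fi
    if [ "$gid" != "$want_gid" ]; then
        echo "FAIL: $conf group gid is $gid, expected $want_gid" >&2
        rc=1
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "FAIL: $conf mode is $mode, expected $want_mode" >&2
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $conf is $uid:$gid mode $mode"
    return "$rc"
}
```

Called with no arguments, check_sssd_conf checks /etc/sssd/sssd.conf against root:root and 600 and prints each attribute that does not match.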
