sssd cache directory changes ownership to root after reboot
https://access.redhat.com/solutions/6979788
Solution Verified - Updated June 29 2025 at 6:03 PM - English
Environment
Red Hat Enterprise Linux (RHEL) 8
sssd-common
Identity Management (IdM)
Issue
After a reboot, the system automatically changes the ownership of the directory /var/lib/sss/db from sssd:sssd to root:root.
As a result, sssd cannot read the contents of the filesystem, and the authentication methods it provides don't work. Example: users whose SSH public keys are stored in IdM are prompted for a password once this ownership change has happened.
Resolution
The cache should be mounted via /etc/fstab with the uid and gid mount options set to sssd, so that the tmpfs is created with the correct owner at every boot.
Example:
tmpfs /var/lib/sss/db/ tmpfs nodev,nosuid,noexec,size=500M,mode=0700,uid=sssd,gid=sssd,rootcontext=system_u:object_r:sssd_var_lib_t:s0 0 0
Root Cause
The /etc/fstab entry that mounts the sssd cache filesystem lacks the uid and gid options, so the tmpfs is mounted with the default root:root ownership at every boot.
Example:
tmpfs /var/lib/sss/db tmpfs nodev,nosuid,noexec,size=500M,mode=0700,rootcontext=system_u:object_r:sssd_var_lib_t:s0 0 0
Diagnostic Steps
SSH public keys stored in IdM don't work for login to the IdM-enrolled system.
Check whether the ownership of files from sssd-common has changed since installation:
[root@server ~]# rpm -V sssd-common
.....UG.. /var/lib/sss/db
Restoring the uid and gid from the original rpm installation with rpm --setugids sssd-common fixes the ownership temporarily.
After a reboot, the ownership changes back to root:root again.
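The following script is an added example, not part of the Red Hat article: it checks the two things the Resolution, Root Cause and Diagnostic Steps sections turn on, namely whether the /etc/fstab tmpfs entry for /var/lib/sss/db carries uid=sssd and gid=sssd, and whether the mounted directory is currently owned by sssd:sssd. The function names, the exit codes and the sample fstab lines used in the usage note are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the Red Hat article). Verifies the sssd cache mount
# configuration described in the article. Function names and exit codes are
# choices made for this example.

# check_sssd_cache_fstab [FSTAB_FILE]
#   0 = tmpfs entry for /var/lib/sss/db has uid=sssd and gid=sssd
#   1 = entry present but one or both options missing (root:root after reboot)
#   2 = no tmpfs entry for /var/lib/sss/db found
check_sssd_cache_fstab() {
    fstab="${1:-/etc/fstab}"
    # Pick the first non-comment tmpfs line whose mount point is the sssd
    # cache; a trailing slash on the mount point (as in the article) is accepted.
    entry=$(awk '$1 !~ /^#/ && $3 == "tmpfs" && ($2 == "/var/lib/sss/db" || $2 == "/var/lib/sss/db/") { print; exit }' "$fstab")
    if [ -z "$entry" ]; then
        echo "no tmpfs entry for /var/lib/sss/db in $fstab"
        return 2
    fi
    opts=$(printf '%s\n' "$entry" | awk '{ print $4 }')
    missing=""
    # Wrap the option list in commas so each option can be matched whole.
    case ",$opts," in *,uid=sssd,*) ;; *) missing="$missing uid=sssd" ;; esac
    case ",$opts," in *,gid=sssd,*) ;; *) missing="$missing gid=sssd" ;; esac
    if [ -n "$missing" ]; then
        echo "entry lacks:$missing (tmpfs will be owned by root:root after reboot)"
        return 1
    fi
    echo "entry ok: $opts"
    return 0
}

# check_sssd_cache_owner [DIR]
#   0 = directory is owned by sssd:sssd, 1 = owned by someone else,
#   2 = directory missing. Only meaningful on a host with sssd installed.
check_sssd_cache_owner() {
    dir="${1:-/var/lib/sss/db}"
    owner=$(stat -c '%U:%G' "$dir" 2>/dev/null) || return 2
    if [ "$owner" = "sssd:sssd" ]; then
        echo "$dir owned by $owner"
        return 0
    fi
    echo "$dir owned by $owner (expected sssd:sssd)"
    return 1
}
```

Run `check_sssd_cache_fstab` against /etc/fstab on the affected host: an exit status of 1 reproduces the Root Cause above (the entry exists but the uid/gid options are absent), while 0 confirms the Resolution entry is in place. `check_sssd_cache_owner` gives the same answer as the `rpm -V sssd-common` line in the Diagnostic Steps without depending on the rpm database, which makes it suitable for a post-boot health check.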