Is there an existing issue for this?
Current Behavior
altfiles missing from /etc/nsswitch.conf for both passwd and group
breaks services such as sssd and sshd as required users/groups are missing leaving unmapped uid/gid for important service files.
Expected Behavior
changing authselect profile keeps altfiles and thus doesn't break services.
Steps To Reproduce
authselect select sssd --force
authselect apply-changes
ls -lh /etc/ssh/sshd
group will not have ssh_keys, but instead some uid (e.g. 999)
Anything else?
I have cloned the repo and modified the almalinux9.yaml manifest to include authselect as there is an upstream fix that I found in a Jira issue for RHEL. There's an authselect rpm script that needs to see /var/run/ostree-booted, which doesn't exist for subsequent Containerfile builds. It creates /usr/share/authselect/vendor/{minimal,sssd,winbind} profiles with the fixed altfiles addition for the el9 based images.
Add authselect to the base image container manifest.
Search terms
authselect
Is there an existing issue for this?
Current Behavior
altfiles missing from /etc/nsswitch.conf for both passwd and group
breaks services such as sssd and sshd as required users/groups are missing leaving unmapped uid/gid for important service files.
Expected Behavior
changing authselect profile keeps altfiles and thus doesn't break services.
Steps To Reproduce
group will not have ssh_keys, but instead some uid (e.g. 999)
Anything else?
I have cloned the repo and modified the almalinux9.yaml manifest to include authselect as there is an upstream fix that I found in a Jira issue for RHEL. There's an authselect rpm script that needs to see /var/run/ostree-booted, which doesn't exist for subsequent Containerfile builds. It creates /usr/share/authselect/vendor/{minimal,sssd,winbind} profiles with the fixed altfiles addition for the el9 based images.
Add authselect to the base image container manifest.
Search terms
authselect