running nscd as user nobody
This document (7011454) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 11 SP2
AppArmor 2.0
AppArmor 2.0
Situation
nscd (Name Service Cache Daemon) by default runs as root.
It's prepared to run as unpriviliged user nobody, when configured to do so, nscd can't start.
It's prepared to run as unpriviliged user nobody, when configured to do so, nscd can't start.
Resolution
The nscd Apparmor profile is not prepared for that and needs some additional
capabilities added.
Necessary changes are:
/etc/nscd.conf:
server-user nobody
/etc/apparmor.d/usr.sbin.nscd
capability setgid,
capability setuid,
After adding these lines, restart Apparmor and subsequently nscd
capabilities added.
Necessary changes are:
/etc/nscd.conf:
server-user nobody
/etc/apparmor.d/usr.sbin.nscd
capability setgid,
capability setuid,
After adding these lines, restart Apparmor and subsequently nscd
Cause
nscd on SLES11 by default runs as root, thus all directories and files it
needs to access are owned by root.
Specifically the files in the /var/run/nscd directory are problematic.
setgid and setuid capabilities are needed to allow nscd running as nobody to
update the cache files owned by root.
needs to access are owned by root.
Specifically the files in the /var/run/nscd directory are problematic.
setgid and setuid capabilities are needed to allow nscd running as nobody to
update the cache files owned by root.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7011454
- Creation Date: 05-Dec-2012
- Modified Date:03-Mar-2020
-
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
