Hi, some time ago we started with a jessie FAI server with jessie included FAI packages. Later we added the fai-project.org repository and rebuilt the NFSROOT. Currently we use: Package: fai-server Version: 5.0.3
We had to update our config space to the new version and are mostly done, but one problem still is open: When installing a client we saw a problem with systemd complaining about sssd (System Security Services Daemon), there were missing rights in /var/lib/sss/pipes/ After some investigation we saw that there has been set a default ACL on _every_ directory in the installed clients -- removing this default ACL (setfacl -k) made sssd working again. We did not really find why there are ACLs set -- they are created during the run of task_extrbase() from the file /srv/fai/nfsroot/usr/lib/fai/subroutines. In this function there is a call to ftar, and it looks like ftar became a new feature -- the use of xattrs. So if we patch the ftar in the NFSROOT to explicitly _not_ use ACLs, everything is working again: # diff /srv/fai/nfsroot/usr/sbin/ftar /srv/fai/nfsroot/usr/sbin/ftar.defect 116c116 < xattrs="--xattrs --xattrs-include=*.* --selinux --no-acls" --- > xattrs="--xattrs --xattrs-include=*.* --selinux --acl" Is this a bug in ftar, is this a feature we need but which needs some adaptation in our config space (or in /etc/fai?), is this a problem in creating the bast.tar.xz, or has someone else a good idea how to proceed? Our current solution would be to patch the ftar in the NFSROOT through a hook in /etc/fai/nfsroot-hooks/, but that seems not the best possible solution ... With regards, Alex -- Alexander Bugl, Central IT Services Max Planck Institute for Meteorology Bundesstrasse 53, D-20146 Hamburg, Germany tel +49-40-41173-351, fax -298, room d0010
