On 04/04/2017 13:29, Simon McVittie wrote: > Sorry, I meant /etc/dbus-1/system.d/*.conf
No problem! This system has only standard unmodified stuff: # ls -l /etc/dbus-1/system.d/ total 48 -rw-r--r-- 1 root root 947 May 26 2015 org.freedesktop.hostname1.conf -rw-r--r-- 1 root root 937 May 26 2015 org.freedesktop.locale1.conf -rw-r--r-- 1 root root 12499 Jul 28 2016 org.freedesktop.login1.conf -rw-r--r-- 1 root root 1604 Jul 28 2016 org.freedesktop.network1.conf -rw-r--r-- 1 root root 953 Jul 28 2016 org.freedesktop.resolve1.conf -rw-r--r-- 1 root root 11898 Mar 2 09:21 org.freedesktop.systemd1.conf -rw-r--r-- 1 root root 947 May 26 2015 org.freedesktop.timedate1.conf > For completeness, several other paths could potentially > mention users and groups, including /etc/dbus-1/system-local.conf > and /usr/share/dbus-1/system.d/*.conf. Those do not exist on this system. > The bus configuration often also references group names and identities - > are those all local? (I suspect not.) In fact dbus is only installed as a dependency for libpam-systemd and I did not touch anything. > Alternatively, your NSS configuration might be such that the NSS-backed > library calls that dbus-daemon uses during configuration loading (mainly > getpwuid_r() and getgrnam_r() I think) hit the network even if the > group is configured locally. In /etc/nsswitch.conf LDAP is configured as follows: passwd: files ldap group: files ldap and I use the following packages: ii libnss-ldapd:amd64 0.9.7-2 amd64 NSS module for using LDAP as a naming service ii libpam-ldapd:amd64 0.9.7-2 amd64 PAM module for using LDAP as an authentication service > I'd rather not: this is very much an "at own risk, if you are absolutely > sure you know what you are doing" option that can easily cause circular > dependencies. (Much like getting your user and group information from > the network, in fact...) The suggestion in README.Debian could be preceded with a big warning such as: "Warning, the following only applies to systems that use /etc/network/interfaces for network configuration and not daemons that use dbus such as NetworkManager, ConnMan, wicd, ..." -- Laurent.
