Hi folks, I'm having issues setting up SASL using a secondary group to control access to the sasldb2 file. I've added the memcache user to the sasl group, and /etc/sasldb2 is owned by root:sasl with mode 0660. I can verify that the memcache user has access to this file by running `sudo -u memcache sasldblistusers2 -f /etc/sasldb2`. However, when Memcached (running under systemd on xenial) tries to authenticate a connection, I see the following error in the journal:

    Jun 12 01:06:58 atl-cache-001 systemd-memcached-wrapper[3369]: authenticated () in cmd 0x21 is true
    Jun 12 01:06:58 atl-cache-001 systemd-memcached-wrapper[3369]: mech: `` PLAIN'' with 22 bytes of data
    Jun 12 01:06:58 atl-cache-001 systemd-memcached-wrapper[3369]: SASL (severity 1): unable to open Berkeley db /etc/sasldb2: Permission denied
    Jun 12 01:06:58 atl-cache-001 systemd-memcached-wrapper[3369]: SASL (severity 2): Password verification failed
    Jun 12 01:06:58 atl-cache-001 systemd-memcached-wrapper[3369]: sasl result code: -1
    Jun 12 01:06:58 atl-cache-001 systemd-memcached-wrapper[3369]: Unknown sasl response: -1
    Jun 12 01:06:58 atl-cache-001 systemd-memcached-wrapper[3369]: >31 Writing an error: Auth failure.

I suspect this is due to the setgid(2) in memcached.c. I might take out the `-u` statement from memcached.conf and add User=, Group=, and SupplementaryGroups= statements to the memcached.service file (i.e. let systemd handle the privilege drop). Is that the best way to solve this problem?

Thanks in advance,
Mike
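
A way to check the suspicion above against the running daemon, added here as an example that is not part of the original post: compare the effective uid, gid and supplementary groups from `/proc/<pid>/status` with the owner, group and mode of the database file. The helper name `can_read_as` and all numeric ids in the samples are assumptions made for illustration.

```shell
#!/bin/sh
# can_read_as STATUS_TEXT FILE_UID FILE_GID FILE_MODE   (hypothetical helper)
# STATUS_TEXT is the content of /proc/<pid>/status; FILE_MODE is octal, e.g. 660.
# Returns 0 if the classic owner/group/other bits allow read. Simplified model:
# ACLs, capabilities and directory permissions are not considered.
# Live use: can_read_as "$(cat /proc/PID/status)" $(stat -c '%u %g %a' /etc/sasldb2)
can_read_as() {
    status=$1 fuid=$2 fgid=$3 mode=$4
    # Column 3 of the Uid:/Gid: lines is the effective id.
    euid=$(printf '%s\n' "$status" | awk '$1=="Uid:"{print $3}')
    egid=$(printf '%s\n' "$status" | awk '$1=="Gid:"{print $3}')
    supp=$(printf '%s\n' "$status" | awk '$1=="Groups:"{$1=""; print}')
    perm=$((0$mode))
    [ "$euid" -eq 0 ] && return 0
    # The kernel checks exactly one class: owner, else group, else other.
    if [ "$euid" -eq "$fuid" ]; then
        [ $((perm & 0400)) -ne 0 ]; return
    fi
    for g in $egid $supp; do
        if [ "$g" -eq "$fgid" ]; then
            [ $((perm & 0040)) -ne 0 ]; return
        fi
    done
    [ $((perm & 0004)) -ne 0 ]
}

# Constructed samples (ids are made up): the same unprivileged daemon with and
# without the supplementary group that owns the file (gid 45 in this sample).
WITH_GROUP=$(printf 'Uid:\t114\t114\t114\t114\nGid:\t119\t119\t119\t119\nGroups:\t45 119\n')
NO_GROUP=$(printf 'Uid:\t114\t114\t114\t114\nGid:\t119\t119\t119\t119\nGroups:\t119\n')

for s in "$WITH_GROUP" "$NO_GROUP"; do
    if can_read_as "$s" 0 45 660; then
        echo "read allowed"
    else
        echo "read denied: file group missing from Groups:"
    fi
done
```

A `Groups:` line that lacks the file's group while `id memcache` lists it means the process dropped privileges without picking up the account's supplementary groups.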
