systemd-resolved service not starting on boot with error 13 (Permission denied)
I am encountering a strange issue with the systemd-resolved service not starting on boot. To my knowledge I do not know how or why this has happened. The only major changes to the server are running the CIS guideline benchmark scripts for security hardening. Looking over the script, I cannot see what file or folder was changes to cause this issue.
Note I am running Ubuntu 22.04.3 server in minimized mode.
Upon boot I am informed that the service failure to start:
Failure at boot
I investigated the errors using the following commands.
systemctl status systemd-resolved
systemctl output
Error: 13 (Permission denied)
is the main concern. However searching into this error is not giving any clear results.
journalctl -b -u systemd-resolved.service
journalctl
Could not create manager: Permission denied
really stands out. However, again, searching into this error is not giving any clear answer.
My suspicion is that somehow the CIS Benchmark script misconfigured the Resolve service. But I cannot really know what specific file has bad permissions or misconfigurations are causing this issue. I would need to get some kind of log that goes deeper than what I have presented. If I can identify the file(s) who have bad permissions I can probably wrap this up myself (and report it here of course!).
Solution Found!
While editing /etc/tmpfiles.d/systemd.conf for security hardening, I modified the permissions for the /run/systemd/netif and /run/systemd/netif/links folders. This was the cause.
My understanding is that systemd-resolved will need to read into these folders. Changing permissions will result in systemd-resolved not having correct access, thus failing as observed.
Leaving the permissions as default for these two folders resulted in systemd-resolved behaving as expected. Defaults are:
d /run/systemd/netif 0755 systemd-network systemd-network –
d /run/systemd/netif/links 0755 systemd-network systemd-network –