Problem
When installing the Univention Self-Service App (frontend) on a UCS Replica Node running UCS 5.0-x, the installation fails to create the dedicated system user self-service-umc. This user is essential for the univention-self-service-passwordreset-umc.service to operate correctly. On Primary or Backup Nodes, this user is typically created by the univention-self-service-passwordreset-umc.postinst script during installation. However, this creation process does not occur on Replica Nodes.
As a result of the missing user, the univention-self-service-passwordreset-umc.service fails to start and is marked as ‘failed’ by systemd. The service attempts to switch to the self-service-umc user, but since the user does not exist, the process exits with status code 67 (NOUSER).
The systemctl status output for the affected service will show:
root@replica:~# systemctl status univention-self-service-passwordreset-umc.service
● univention-self-service-passwordreset-umc.service - memcached daemon (univention-self-service instance)
Loaded: loaded (/lib/systemd/system/univention-self-service-passwordreset-umc.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2024-10-01 11:30:46 CEST; 24h ago
Process: 17508 ExecStart=/usr/share/memcached/scripts/systemd-memcached-wrapper /etc/memcached_univention-self-service.conf (code=exited, status=67)
Main PID: 17508 (code=exited, status=67)
Okt 01 11:30:46 replica systemd[1]: Started memcached daemon (univention-self-service instance).
Okt 01 11:30:46 replica systemd-memcached-wrapper[17508]: can't find the user self-service-umc to switch to
Okt 01 11:30:46 replica systemd[1]: univention-self-service-passwordreset-umc.service: Main process exited, code=exited, status=67/NOUSER
Okt 01 11:30:46 replica systemd[1]: univention-self-service-passwordreset-umc.service: Failed with result 'exit-code'.
Root Cause
This issue is identified as a bug in the Univention Self-Service App’s installation routine on replica servers. The relevant bug report can be tracked on the Univention Bugzilla: Bug 51256.
Workaround
To resolve this issue, manually create the self-service-umc system user on the affected replica server and then restart the service.
Step 1: Check for the existence of the self-service-umc user
Open a terminal on the replica server and run the following command:
getent passwd self-service-umc
If the user does not exist, you will not receive any output. If the user exists, you would see an output similar to:
self-service-umc:x:135:65534::/var/lib/univention-self-service-passwordreset-umc:/usr/sbin/nologin
Step 2: Create the self-service-umc user
If the user is missing, create it using the adduser command and set the correct permissions for its home directory:
adduser --system --ingroup nogroup --home /var/lib/univention-self-service-passwordreset-umc self-service-umc
chmod 0700 /var/lib/univention-self-service-passwordreset-umc
Step 3: Restart the univention-self-service-passwordreset-umc.service
After creating the user, restart the service to apply the changes:
systemctl restart univention-self-service-passwordreset-umc.service
Step 4: Verify the service status
Confirm that the service is now running correctly:
systemctl status univention-self-service-passwordreset-umc.service
The output should now show the service as active (running):
● univention-self-service-passwordreset-umc.service - memcached daemon (univention-self-service instance)
Loaded: loaded (/lib/systemd/system/univention-self-service-passwordreset-umc.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2025-05-20 15:17:07 CEST; 2min 13s ago
Main PID: 12252 (memcached)
Tasks: 10 (limit: 4915)
Memory: 1.1M
CGroup: /system.slice/univention-self-service-passwordreset-umc.service
└─12252 /usr/bin/memcached -m 64 -s /var/lib/univention-self-service-passwordreset-umc/memcached.socket -a 600 -M -u self-service-umc