The shared memory is created with the same user and group as the running user. If the shared memory has not been created yet, then there is a potential problem that the user first runs the "ods-hsmutil login" as root and then start OpenDNSSEC which drops privileges. The code will refuse to use or cannot use the shared memory because it belongs to another group.
The solution can be:
- Run sudo -u user -g group ods-hsmutil login, or
- Let ods-hsmutil drop privileges just like Enforcer/Signer Engine.