Bug 132608
Summary: | glibc: [RFE] NSS auto-reload nsswitch.conf | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Craig Lawson <craig.lawson> |
Component: | glibc | Assignee: | glibc team <glibc-bugzilla> |
Status: | CLOSED WONTFIX | QA Contact: | qe-baseos-tools-bugs |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | 8.1 | CC: | ashankar, codonell, dj, dpal, fweimer, jhrozek, lavila, mnewsome, pbrezina, pfrankli, spoore, tvaughan, vchepkov |
Target Milestone: | rc | Keywords: | FutureFeature, Reopened, Triaged |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Enhancement |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2022-11-18 14:09:30 UTC | Type: | Enhancement |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1710894 | | |
Bug Blocks: | 1110700, 1420851, 1473733, 1477664, 1679810 | | |
Description
Craig Lawson
2004-09-15 01:40:14 UTC
Internal RFE bug #132670 entered; will be considered for future releases.

That file will never be automatically reloaded. The file is not supposed to be changed after the initial configuration and if it does, better reboot and restart all relevant programs. I will not add any code which penalizes normal operations. All this can in general be avoided by using nscd. If nscd is used only this one program needs to be restarted for the new setting to be used. If you need to change the nsswitch.conf setting for services other than passwd, group, and hosts then this is something else. The solution then might be to add support for these other services to nscd. So in summary, use nscd and never let programs directly use NSS services.

Now that we're out of the dark ages of 2004, and inotify is generally everywhere, can we re-open this and set an inotify trigger that re-reads the file if it changes. This doesn't help systems without inotify, but it will at least un-break 90% of the systems out there and make for a better user experience.

I'm reopening this bug to see if this can be solved for RHEL8. RHEL8 currently ships authselect, which is a successor of authconfig. Both these tools configure nsswitch.conf per customer requirements. Given the current focus on Ansible and similar automation of system provisioning, it would be very nice to not require system reboot after nsswitch.conf is changed.

In addition, we hit an issue in authselect that requires at least systemd-logind to be restarted to allow authentication of remote users [1]. This is because we made pam_systemd for session phase required [2] instead of optional and of course without fetching changes in nsswitch.conf pam_systemd is not aware of users from newly added passwd modules. This can be worked around in authselect or systemd but it would only solve the issue for this one process. Doing this on glibc level would solve it globally. Thank you for reconsideration.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1657295
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1643928

We're going to review this during the next development cycle. In general we have been moving certain services to support dynamic reloading via carefully considered semantics. For example we now reload /etc/resolv.conf for dynamic network changes. In the case of NSS things are a little more complicated, we can't unload any existing services (so RSS goes up if you keep changing services) since they might currently be in use, but we could load new services and transition to using them (may require some slightly different structure for the locking). We will keep this issue updated with any progress, but it might not be until RHEL 9 that we get this fixed. The fix has to get accepted upstream first, and we will want to test it out thoroughly, stabilize it, all before we consider inclusion in RHEL.

I want to clarify a few of the expected semantics when it comes to /etc/nsswitch.conf reloading. There are two aspects to this problem:

(a) Reloading of /etc/nsswitch.conf upon change.
(b) Retrying NSS services which previously failed to load.

Note that (b) is critically important because there is a race where it may not be possible to guarantee that the nsswitch.conf is updated first before the listed module is finished being written to disk. Therefore we must manage both scenarios correctly, and consider their implications on an upstream solution.

*** Bug 1065009 has been marked as a duplicate of this bug. ***

*** Bug 1662470 has been marked as a duplicate of this bug. ***

Upstream patches are currently under review. We will consider backporting these changes once they become available upstream. Until then, this enhancement is only tracked upstream.

Upstream patches have landed in glibc 2.33. Reopening for backport evaluation.

Given the life-cycle stage of Red Hat Enterprise Linux 8, we do not plan to address this issue.

In Red Hat Enterprise Linux 9, glibc automatically reloads /etc/nsswitch.conf and reacts to changes.
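
The two semantics listed in the thread, (a) reload on change and (b) retry of services that previously failed to load, sketched as an added example; this is not glibc's code and not taken from the upstream patches. The names `nss_db`, `nss_refresh`, `nss_retry` and the `moddir` parameter are hypothetical, and an `access()` check on the module file stands in for actually loading it.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define MAX_SVC 8
struct svc { char name[32]; int loaded; };
struct nss_db { struct stat seen; int have_seen; struct svc svc[MAX_SVC]; int n; };

/* (a) One stat() per lookup: reparse only if the file's identity changed. */
static int conf_changed(const struct nss_db *d, const struct stat *st) {
    return !d->have_seen || st->st_dev != d->seen.st_dev ||
           st->st_ino != d->seen.st_ino || st->st_size != d->seen.st_size ||
           st->st_mtime != d->seen.st_mtime || st->st_ctime != d->seen.st_ctime;
}

/* Returns 1 if reloaded, 0 if unchanged, -1 if unreadable (old list stays). */
int nss_refresh(struct nss_db *d, const char *path, const char *dbname) {
    struct stat st; struct svc old[MAX_SVC]; char line[256];
    size_t klen = strlen(dbname); int nold = d->n;
    if (stat(path, &st) != 0) return -1;
    if (!conf_changed(d, &st)) return 0;
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    memcpy(old, d->svc, sizeof old); d->n = 0;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, dbname, klen) != 0 || line[klen] != ':') continue;
        for (char *t = strtok(line + klen + 1, " \t\n"); t && d->n < MAX_SVC;
             t = strtok(NULL, " \t\n")) {
            if (strchr(t, '=')) continue;   /* skip [NOTFOUND=return] actions */
            struct svc *s = &d->svc[d->n++];
            snprintf(s->name, sizeof s->name, "%s", t); s->loaded = 0;
            for (int i = 0; i < nold; i++)  /* loaded modules are never unloaded */
                if (strcmp(old[i].name, t) == 0) s->loaded = old[i].loaded;
        }
    }
    fclose(f); d->seen = st; d->have_seen = 1;
    return 1;
}

/* (b) Retry services whose module was not on disk yet; returns newly usable count.
   Assumption: access() on <moddir>/libnss_<name>.so.2 stands in for loading it. */
int nss_retry(struct nss_db *d, const char *moddir) {
    char p[512]; int got = 0;
    for (int i = 0; i < d->n; i++) {
        if (d->svc[i].loaded) continue;
        snprintf(p, sizeof p, "%s/libnss_%s.so.2", moddir, d->svc[i].name);
        if (access(p, R_OK) == 0) { d->svc[i].loaded = 1; got++; }
    }
    return got;
}
```

Timestamps here have one-second resolution, so the size and inode comparisons are what catch a rewrite that lands within the same second as the previous parse.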