Bug 181528
Summary: | nscd caches incorrect user shell information | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 3 | Reporter: | Ian McLeod <imcleod> |
Component: | glibc | Assignee: | Jakub Jelinek <jakub> |
Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.0 | CC: | aoliva, drepper, tao |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 2.3.2-95.44 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-11-20 16:28:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ian McLeod
2006-02-14 20:29:44 UTC
In revisiting this bug I've discovered an error in how I described the problem. It seems that when this happens, the username in question is always referenced indirectly in the passwd file via +@ notation and the netgroup NIS database. So, the passwd snipit above should really read: +@mq_acts:::::: +::0:0:::/bin/false Where the netgroup "mq_acts" contains an entry for the "mqm" user. All other details of the problem remain the same. (And this is something we continue to see on occasion on both AS 2.1 and RHEL 3.) If it is one of the getXXbyYY{,_r} lookups rather than getXXent{,_r}, then it might be because nss_compat uses innetgr function in several places to see if a particular use is in a netgroup or not. Now, innetgr has no error reporting, it only returns 1 if the netgroup contains the machine/user/domain triple and 0 otherwise. So, 0 can be returned both when there really is not such triple or if some error occurred (such as transient failure due to busy NIS server). Not sure what's better, if to keep the code as is, or use some other function instead of innetgr and fail the whole request just because the netgroup lookup failed. |