| Summary: | mock fails on nested groups | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Sandro <gui1ty> |
| Component: | mock | Assignee: | Clark Williams <williams> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 14 | CC: | dcantrell, mebrown, williams |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-05-06 21:04:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
I spoke too soon. 'getent mock' only returns the members as listed in '/etc/group': mock:x:489:@sysadmin-main,@sysadmin-terminal 'sysadmin-main' and 'sysadmin-terminal' being the groups that are allowed to run mock. Sorry, for the confusion. This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. |
Description of problem: Mock fails to run if user is in a group that is member of group mock. We are using ldap for account management and have a couple of servers on which groups of people are allowed to run mock builds. In the past it was sufficient to modify /etc/pam.d/mock and add some ACLs on /var/lib/mock. In our setup user 'sandroj' is member of group 'sysadmin-terminal'. Group 'sysadmin-terminal' is member of the local group 'mock' on servers that are designated as build hosts. Version-Release number of selected component (if applicable): mock-1.1.7-1.fc14.noarch How reproducible: Always Steps to Reproduce: 1. run mock 2. 3. Actual results: ERROR: Must be member of 'mock' group to run mock! (['sysadmin-main', 'OGD', 'svn-terminal', 'puppet-masters', 'sysadmin-terminal', 'PLAP-Admin', 'sysadmin-zarafa', 'sysadmin-test', 'sysadmin-www', 'git-terminal-codebase', 'sysadmin-mirror']) Traceback (most recent call last): File "/usr/sbin/mock", line 445, in <module> def do_buildsrpm(config_opts, chroot, options, args): File "/usr/sbin/mock", line 539, in main groupcheck() File "/usr/sbin/mock", line 496, in groupcheck raise RuntimeError, "Must be member of 'mock' group to run mock! (%s)" % members RuntimeError: Must be member of 'mock' group to run mock! (['sysadmin-main', 'OGD', 'svn-terminal', 'puppet-masters', 'sysadmin-terminal', 'PLAP-Admin', 'sysadmin-zarafa', 'sysadmin-test', 'sysadmin-www', 'git-terminal-codebase', 'sysadmin-mirror']) Expected results: Well, mock not complaining. Additional info: Mock should be able to deal with nested groups by querying members of group mock instead of the grouplist of the user running mock. 'getent mock' on the affected system returns all members of group mock. This list could then be checked against the user running mock.