Bug 675007
Summary: | sssd corrupts group cache | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Jeff Schroeder <jeffschroeder> |
Component: | sssd | Assignee: | Stephen Gallagher <sgallagh> |
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | 5.6 | CC: | a9016009, benl, dpal, grajaiya, jgalipea, jwest, kbanerje, msvoboda, ovitters, prc |
Target Milestone: | rc | Keywords: | ZStream |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.5.1-7.el5 | Doc Type: | Bug Fix |
Doc Text: | While running the LDAP cache cleanup task, an issue with a corrupted group cache occurred, and the user was stripped of membership of every group except his primary group. This issue has been fixed and the aforementioned problem now no longer occurs. | ||
Last Closed: | 2011-07-21 08:10:30 UTC | Type: | --- |
Bug Blocks: | 712134 |
Description
Jeff Schroeder
2011-02-03 21:47:19 UTC
There are actually two issues revealed here.

1) During the ldap cleanup task, we're attempting to write to the LDB without a transaction active, which is throwing an error.

2) This also reveals that we're apparently making some bad decisions somewhere about which groups need to be removed. We shouldn't be seeing the above error because none of the groups in question should be on the purge list anyway.

Verified in version:

```
# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 34.el5                        Build Date: Tue 03 May 2011 10:46:09 PM IST
Install Date: Wed 11 May 2011 02:07:53 PM IST      Build Host: x86-004.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-34.el5.src.rpm
Size        : 3508089                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
```

1. User6 added as follows:

```
dn: cn=user6,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 5203
gidNumber: 5203
uid: user6
cn: user6
homeDirectory: /home/user6
userPassword: {SSHA}Y4jrPr0Lx/1byf5/amkJhdVYEgsOwjtX

dn: cn=grp1_user6,ou=Groups,dc=example,dc=com
objectClass: posixGroup
objectClass: groupofuniquenames
objectClass: top
gidNumber: 5203
cn: grp1_user6
memberUid: user6

dn: cn=grp2_user6,ou=Groups,dc=example,dc=com
objectClass: posixGroup
objectClass: groupofuniquenames
objectClass: top
gidNumber: 6203
cn: grp2_user6
memberUid: user6

dn: cn=grp3_user6,ou=Groups,dc=example,dc=com
objectClass: posixGroup
objectClass: groupofuniquenames
objectClass: top
gidNumber: 7203
cn: grp3_user6
memberUid: user6

dn: cn=grp4_user6,ou=Groups,dc=example,dc=com
objectClass: posixGroup
objectClass: groupofuniquenames
objectClass: top
gidNumber: 8203
cn: grp4_user6
memberUid: user6

dn: cn=grp5_user6,ou=Groups,dc=example,dc=com
objectClass: posixGroup
objectClass: groupofuniquenames
objectClass: top
gidNumber: 9203
cn: grp5_user6
memberUid: user6

dn: cn=parent_grp1_user6,ou=Groups,dc=example,dc=com
objectClass: posixGroup
objectClass: groupofuniquenames
objectClass: top
gidNumber: 10203
cn: parent_grp1_user6
memberUid: grp1_user6
memberUid: user6
```

2. Enumerate user6 and its groups

```
# getent -s sss passwd user6
user6:*:5203:5203:user6:/home/user6:/bin/bash
# getent -s sss group grp1_user6
grp1_user6:*:5203:user6
# id user6
uid=5203(user6) gid=5203(grp1_user6) groups=5203(grp1_user6),8203(grp4_user6),7203(grp3_user6),10203(parent_grp1_user6),6203(grp2_user6),9203(grp5_user6) context=root:system_r:unconfined_t:SystemLow-SystemHigh
# id -g user6
5203
# groups user6
user6 : grp1_user6 grp4_user6 grp3_user6 parent_grp1_user6 grp2_user6 grp5_user6
```

Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents: While running the LDAP cache cleanup task, an issue with a corrupted group cache occurred, and the user was stripped of membership of every group except his primary group. This issue has been fixed and the aforementioned problem now no longer occurs.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0975.html
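A check for the symptom verified above, as an added example that is not part of the original report or of sssd: it derives a user's expected groups from the `memberUid` values in the directory LDIF and reports any GID missing from `id` output. The abridged LDIF, the stripped `id` line and all function names are constructed for illustration, and folded (continued) LDIF lines are assumed not to occur.

```python
import re

# Constructed sample: three of the group entries from the LDIF above, abridged.
LDIF = """\
dn: cn=grp1_user6,ou=Groups,dc=example,dc=com
objectClass: posixGroup
gidNumber: 5203
memberUid: user6

dn: cn=grp2_user6,ou=Groups,dc=example,dc=com
objectClass: posixGroup
gidNumber: 6203
memberUid: user6

dn: cn=parent_grp1_user6,ou=Groups,dc=example,dc=com
objectClass: posixGroup
gidNumber: 10203
memberUid: grp1_user6
memberUid: user6
"""
# ID_OK: `id user6` from the verification (context trimmed). ID_STRIPPED: constructed symptom.
ID_OK = ("uid=5203(user6) gid=5203(grp1_user6) groups=5203(grp1_user6),"
         "8203(grp4_user6),7203(grp3_user6),10203(parent_grp1_user6),"
         "6203(grp2_user6),9203(grp5_user6)")
ID_STRIPPED = "uid=5203(user6) gid=5203(grp1_user6) groups=5203(grp1_user6)"

def parse_ldif(text):
    """Split LDIF into entries mapping lowercased attribute -> list of values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for key, sep, value in (l.partition(": ") for l in block.splitlines()):
            if sep:
                entry.setdefault(key.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def expected_gids(entries, user):
    """GIDs of every posixGroup entry that lists the user in memberUid."""
    return {int(e["gidnumber"][0]) for e in entries
            if "posixGroup" in e.get("objectclass", []) and user in e.get("memberuid", [])}

def cached_gids(id_output):
    """GIDs from the groups= field of `id <user>` output."""
    m = re.search(r"groups=(\S+)", id_output)
    return {int(g) for g in re.findall(r"(\d+)\(", m.group(1))} if m else set()

def missing_gids(ldif, user, id_output):
    """Directory GIDs absent from the cached answer; an empty list means healthy."""
    return sorted(expected_gids(parse_ldif(ldif), user) - cached_gids(id_output))
```

Run periodically against a known test account, a non-empty result from `missing_gids` flags the loss of supplementary groups described in this bug before it shows up as access failures.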